[Devel] Re: [patch 2/8] allow unprivileged umount

Andrew Morton akpm at linux-foundation.org
Sat Apr 21 01:36:22 PDT 2007


On Sat, 21 Apr 2007 10:09:42 +0200 Miklos Szeredi <miklos at szeredi.hu> wrote:

> > > +static bool permit_umount(struct vfsmount *mnt, int flags)
> > > +{
> > >
> > > ...
> > >
> > > +	return mnt->mnt_uid == current->uid;
> > > +}
> > 
> > Yes, this seems very wrong.  I'd have thought that comparing user_struct*'s
> > would get us a heck of a lot closer to being able to support aliasing of
> > UIDs between different namespaces.
> > 
> 
> OK, I'll fix this up.
> 
> Actually an earlier version of this patch did use user_struct's but
> I'd changed it to uids, because it's simpler.

OK..

>  I didn't think about
> this being contrary to the id namespaces thing.

Well I was madly assuming that when serarate UID namespaces are in use, UID
42 in container A will have a different user_struct from UID 42 in
container B.  I'd suggest that we provoke an opinion from Eric & co before
you do work on this.

_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers




More information about the Devel mailing list