Andrey Vagin authored
Here are two issues:

1. All mounts in a new user namespace are locked, so we need to create a new root mount. We need to bind-mount root to itself.
2. /proc and /sys must be mounted before umounting /proc and /sys which were inherited. It's a security policy.

"""
Author: Eric W. Biederman <ebiederm@xmission.com>
Date: Sun Mar 24 14:28:27 2013 -0700

userns: Restrict when proc and sysfs can be mounted

Only allow unprivileged mounts of proc and sysfs if they are already mounted when the user namespace is created.
"""

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
0014a12d
| Name | Last commit | Last update |
|---|---|---|
| .. | ||
| app-emu | ||
| bers | ||
| ext-links | ||
| fault-injection | ||
| jenkins | ||
| libcriu | ||
| mem-snap | ||
| mounts | ||
| rpc | ||
| security | ||
| tcp | ||
| unix-callback | ||
| zdtm | ||
| .gitignore | ||
| Makefile | ||
| app-emu.sh | ||
| env.sh | ||
| functions.sh | ||
| maps.py | ||
| post-dump.sh | ||
| zdtm.sh | ||
| zdtm_ct.c | ||
| zdtm_mount_cgroups |