Andrey Vagin authored
Here are two issues:

1. All mounts in a new user namespace are locked, so we need to create a new root mount. We need to bind-mount root to itself.
2. /proc and /sys must be mounted before umounting /proc and /sys which were inherited. It's a security policy.

"""
Author: Eric W. Biederman <ebiederm@xmission.com>
Date: Sun Mar 24 14:28:27 2013 -0700

userns: Restrict when proc and sysfs can be mounted

Only allow unprivileged mounts of proc and sysfs if they are already mounted when the user namespace is created.
"""

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Pavel Emelyanov <xemul@parallels.com>
0014a12d
| Name | Last commit | Last update |
|---|---|---|
| .. | | |
| arch | | |
| Makefile | | |
| cpuid.h | | |
| datagen.c | | |
| lock.c | | |
| lock.h | | |
| msg.c | | |
| ns.c | | |
| ns.h | | |
| parseargs.c | | |
| parseargs.sh | | |
| stop_and_chk.sh | | |
| streamutil.c | | |
| tcp.c | | |
| test.c | | |
| zdtmtst.h | | |