On Mon, Aug 27, 2018, 13:00 Eric W. Biederman <email address hidden> wrote:
> Christian Brauner <email address hidden> writes:
>
> > Or just fail if there are any unbindable children. But let's see what
>
> My thought is to do the work when mount unbindable is being set:
> (a) If the setter has enough permissions to umount the mount in
> question the clear MNT_LOCKED and set MNT_UNBINDABLE
>
> (b) If the setter does not have enough permissions to clear MNT_LOCKED
> than fail to set MNT_UNBINDABLE.
>
> (-) I think only the second case applies as except for mount
> propagation I don't think there is a way to clear MNT_LOCKED.
>
> This needs to happen in public with plenty of exposure as this is a very
> minor issue and there is the potential to break userspace. Who knows
> what bits of userspace we might break.
>
> I actually don't expect any but we need to be careful and probably take
> the full development cycle to get this in. Just so that we are certain
>
Are you taking this or should I?
Christian
there is plenty of time for people to test and let us know if someone's
> configuration breaks.
>
> Eric
>
On Mon, Aug 27, 2018, 13:00 Eric W. Biederman <email address hidden> wrote:
> Christian Brauner <email address hidden> writes:
>
> > Or just fail if there are any unbindable children. But let's see what
>
> My thought is to do the work when mount unbindable is being set:
> (a) If the setter has enough permissions to umount the mount in
> question the clear MNT_LOCKED and set MNT_UNBINDABLE
>
> (b) If the setter does not have enough permissions to clear MNT_LOCKED
> than fail to set MNT_UNBINDABLE.
>
> (-) I think only the second case applies as except for mount
> propagation I don't think there is a way to clear MNT_LOCKED.
>
> This needs to happen in public with plenty of exposure as this is a very
> minor issue and there is the potential to break userspace. Who knows
> what bits of userspace we might break.
>
> I actually don't expect any but we need to be careful and probably take
> the full development cycle to get this in. Just so that we are certain
>
Are you taking this or should I?
Christian
there is plenty of time for people to test and let us know if someone's
> configuration breaks.
>
> Eric
>