Quoting Tejun Heo (t...@kernel.org): > Hello, Serge. > > On Wed, Nov 25, 2015 at 12:01:56AM -0600, Serge E. Hallyn wrote: > > that was my goal with > > https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/commit/?h=cgroupns.v4&id=8eb75d2bb24df59e262f050dce567d2332adc5f3 > > (which was sent inline earlier in this thread in response to Eric) Does > > that look sufficient? > > Hmmm... but that wouldn't work with non-root and user ns. I think
Are you sure? IIUC that code block is only hit when we didn't find an already-mounted subsystem. > what's necessary is ensuring that namespace scoped mount never creates > a new hierarchy but always reuses an existing one. > > Thanks. > > -- > tejun > _______________________________________________ > Containers mailing list > contain...@lists.linux-foundation.org > https://lists.linuxfoundation.org/mailman/listinfo/containers -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
