On Mon, Feb 22, 2021 at 09:44:40AM -0600, Eric W. Biederman wrote:
> Alexey Gladkov writes:
>
> > If only the dynamic part of procfs is mounted (subset=pid), then there is no
> > need to check if procfs is fully visible to the user in the new user
> > namespace.
>
>
> A couple of things.
>
> 1
Alexey Gladkov writes:
> If only the dynamic part of procfs is mounted (subset=pid), then there is no
> need to check if procfs is fully visible to the user in the new user
> namespace.
A couple of things.
1) Allowing the mount should come in the last patch. So we don't have a
bisect hazard.
2 matches
Mail list logo
