vfs: Only support slave subtrees across different user namespaces
authorEric W. Biederman <ebiederm@xmission.com>
Tue, 31 Jul 2012 20:13:04 +0000 (13:13 -0700)
committerEric W. Biederman <ebiederm@xmission.com>
Mon, 19 Nov 2012 13:59:20 +0000 (05:59 -0800)
commit7a472ef4be8387bc05a42e16309b02c8ca943a40
treed08fef7f89da670c24116805dbe1bcf60e094497
parent771b1371686e0a63e938ada28de020b9a0040f55
vfs: Only support slave subtrees across different user namespaces

Sharing mount subtress with mount namespaces created by unprivileged
users allows unprivileged mounts created by unprivileged users to
propagate to mount namespaces controlled by privileged users.

Prevent nasty consequences by changing shared subtrees to slave
subtress when an unprivileged users creates a new mount namespace.

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
fs/namespace.c
fs/pnode.h