Skip to content
Snippets Groups Projects
Commit 2a3094cf authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Thierry Strudel
Browse files

vfs: Only support slave subtrees across different user namespaces


Sharing mount subtress with mount namespaces created by unprivileged
users allows unprivileged mounts created by unprivileged users to
propagate to mount namespaces controlled by privileged users.

Prevent nasty consequences by changing shared subtrees to slave
subtress when an unprivileged users creates a new mount namespace.

Acked-by: default avatarSerge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
(cherry picked from commit 7a472ef4)
parent 5e5aa6a9
Branches
Tags
No related merge requests found
Loading
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment