mount.2: Add EINVAL error condition when MS_BINDing MNT_LOCKED submounts

When the user creates an unprivileged mount namespace, the Linux
kernel sets the MNT_LOCKED flag [1] on any submounts to prevent
such mounts from being unmounted inside the mount namespace. Such
an unmount would reveal the filesystem tree behind the mount,
which is not otherwise possible from an unprivileged vantage
point.

Attempting to unmount such a mount will fail with EINVAL. However,
a less obvious implication is that attempting a bind mount without
MS_REC, where the tree being bound contains locked sub-mounts,
will also fail with EINVAL, because, without MS_REC, such
submounts are effectively being unmounted.

Cursory googling shows several instances of people running into
this problem, so I felt it advantageous to have it documented in
the man page.

[1] 4fbd8d194f/fs/namespace.c (L1110-L1113)

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
Keno Fischer 2017-11-27 17:44:17 -05:00 committed by Michael Kerrisk
parent cd14665295
commit 360d745544
1 changed files with 8 additions and 0 deletions

@ -650,6 +650,14 @@ or
.BR EINVAL
An attempt was made to bind mount an unbindable mount.
.TP
.BR EINVAL
In an unpriviledged mount namespace, a bind operation
.RB ( MS_BIND )
was attempted without specifying
.RB ( MS_REC ),
which would have revealed the filesytem tree underneath one of
the submounts of the directory being bound.
.TP
.B ELOOP
Too many links encountered during pathname resolution.
.TP
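
Review bot: In the new EINVAL entry, the line `.RB ( MS_REC ),` puts the flag in parentheses, so the rendered text reads "without specifying (MS_REC),". Suggest `.BR MS_REC ,` there and keeping the parenthesized form only for `.RB ( MS_BIND )`, where it glosses "a bind operation". The same entry has two misspellings to fix before merging: "unpriviledged" should be "unprivileged" and "filesytem" should be "filesystem". The commit message attributes the failure to submounts that carry MNT_LOCKED, but the entry only says "one of the submounts". Saying that the submounts in question are locked would let a reader connect this error to the unmount case described in the commit message.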