From ebc82e00ee7954be8b6589925e1534c57ef2ad9c Mon Sep 17 00:00:00 2001 From: Michael Kerrisk Date: Thu, 19 Aug 2021 01:35:30 +0200 Subject: [PATCH] mount_namespaces.7: Note that it is possible to stack a mount on top of a locked mount Reported-by: Eric W. Biederman Signed-off-by: Michael Kerrisk --- man7/mount_namespaces.7 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/man7/mount_namespaces.7 b/man7/mount_namespaces.7 index 1f9888a07..73119f96f 100644 --- a/man7/mount_namespaces.7 +++ b/man7/mount_namespaces.7 @@ -1128,6 +1128,20 @@ system call failed with the error .BR EINVAL , which is the error that the kernel returns to indicate that the mount is locked. +.IP +Note, however, that it is possible to stack (and unstack) a +mount on top of one of the inherited locked mounts in a +less privileged mount namespace: +.IP +.in +4n +.EX +$ \fBls /home\fP # Show directory to be bind mounted at /mnt/dir +lost+found/ cecilia/ +$ \fBsudo unshare \-\-user \-\-map\-root\-user \-\-mount \e\fP + \fBsh \-c \(aqmount \-\-bind /home /mnt/dir; ls /mnt/dir\(aq\fP +lost+found cecilia +.EE +.in .IP * Following on from the previous point, note that it is possible to unmount an entire subtree of mounts that
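Review bot: the new paragraph promises that a mount can be stacked "(and unstack)"ed on top of an inherited locked mount, but the example that follows only shows the stacking half, and nothing in it shows that the mount being covered at /mnt/dir is the locked one rather than an ordinary directory, so the reader has to take the claim on faith. Consider extending the command so it exercises both directions and ends by tripping the lock, e.g. `sh -c 'mount --bind /home /mnt/dir; ls /mnt/dir; umount /mnt/dir; umount /mnt/dir'`, with the expected output: the first umount (of the bind mount just stacked) succeeds, while the second, which now targets the inherited locked mount, fails with EINVAL, tying the example back to the sentence just above the hunk that introduces EINVAL as the "mount is locked" error. Also, the surrounding text refers to "a less privileged mount namespace", so it would help to say explicitly that /mnt/dir is the locked mount inherited from the preceding example rather than leaving that implicit. Minor nit on the captured output: the first listing shows `lost+found/ cecilia/` (trailing slashes, as from `ls -F` or `ls -p`) while the second shows `lost+found cecilia` without them, and neither is in the sorted order `ls` would normally produce; making the two listings consistent avoids suggesting that the bind mount changed how the entries appear.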