mirror of https://github.com/mkerrisk/man-pages
mount_namespaces.7: Note that it is possible to stack a mount on top of a locked mount
Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
parent f6aaf493f8
commit ebc82e00ee
|
@ -1128,6 +1128,20 @@ system call failed with the error
|
||||||
.BR EINVAL ,
|
.BR EINVAL ,
|
||||||
which is the error that the kernel returns to indicate that
|
which is the error that the kernel returns to indicate that
|
||||||
the mount is locked.
|
the mount is locked.
|
||||||
|
.IP
|
||||||
|
Note, however, that it is possible to stack (and unstack) a
|
||||||
|
mount on top of one of the inherited locked mounts in a
|
||||||
|
less privileged mount namespace:
|
||||||
|
.IP
|
||||||
|
.in +4n
|
||||||
|
.EX
|
||||||
|
$ \fBls /home\fP # Show directory to be bind mounted at /mnt/dir
|
||||||
|
lost+found/ cecilia/
|
||||||
|
$ \fBsudo unshare \-\-user \-\-map\-root\-user \-\-mount \e\fP
|
||||||
|
\fBsh \-c \(aqmount \-\-bind /home /mnt/dir; ls /mnt/dir\(aq\fP
|
||||||
|
lost+found cecilia
|
||||||
|
.EE
|
||||||
|
.in
|
||||||
.IP *
|
.IP *
|
||||||
Following on from the previous point,
|
Following on from the previous point,
|
||||||
note that it is possible to unmount an entire subtree of mounts that
|
note that it is possible to unmount an entire subtree of mounts that
|
||||||
|
|
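Review bot: The added paragraph says it is possible to "stack (and unstack)" a mount on a locked mount, but the new .EX block only demonstrates the stacking half: the sh \-c command runs mount \-\-bind /home /mnt/dir and then ls /mnt/dir, and never unmounts. Consider appending umount /mnt/dir (and a second ls /mnt/dir) to the command string so the reader sees that removing the stacked mount succeeds, in contrast to the EINVAL described just above for unmounting the locked mount itself. Two smaller points in the same block: the first ls output shows "lost+found/ cecilia/" with trailing slashes while the second shows "lost+found cecilia", which looks like two different ls configurations and is worth making consistent; and the example never shows that /mnt/dir is one of the inherited locked mounts, so a short comment on the unshare line saying so would tie it back to the sentence it illustrates.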