From: "Michael Kerrisk (man-pages)"
To: "Eric W. Biederman"
Cc: mtk.manpages@gmail.com, Christian Brauner, linux-man, Containers, lkml, Andy Lutomirski, Jordan Ogas, werner@almesberger.net, Al Viro
Subject: Re: pivot_root(".", ".") and the fchdir() dance
Date: Tue, 8 Oct 2019 16:27:25 +0200
In-Reply-To: <87k19geey0.fsf@x220.int.ebiederm.org>
References: <20190805103630.tu4kytsbi5evfrhi@mikami> <3a96c631-6595-b75e-f6a7-db703bf89bcf@gmail.com> <87r24piwhm.fsf@x220.int.ebiederm.org> <87ftl5donm.fsf@x220.int.ebiederm.org> <20190910111551.scam5payogqqvlri@wittgenstein> <30545c5c-ff4c-8b87-e591-40cc0a631304@gmail.com> <871rwnda47.fsf@x220.int.ebiederm.org> <448138b8-0d0c-5eb3-d5e5-04a26912d3a8@gmail.com> <87ef0hbezt.fsf@x220.int.ebiederm.org> <71cad40b-0f9f-24de-b650-8bc4fce78fa8@gmail.com> <87y2y6j9i1.fsf@x220.int.ebiederm.org> <7e4b23df-ab83-3d5a-3dc5-54025e3682cf@gmail.com> <87k19geey0.fsf@x220.int.ebiederm.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hello Eric,

>>> Creating of a mount namespace in a user namespace automatically does
>>> 'mount("", "/", MS_SLAVE | MS_REC, NULL);' if the starting mount
>>> namespace was not created in that user namespace. AKA creating
>>> a mount namespace in a user namespace does the unshare for you.
>>
>> Oh -- I had forgotten that detail. But it is documented
>> (by you, I think) in mount_namespaces(7):
>>
>>        * A mount namespace has an owner user namespace. A
>>          mount namespace whose owner user namespace is different
>>          from the owner user namespace of its parent mount
>>          namespace is considered a less privileged mount
>>          namespace.
>>
>>        * When creating a less privileged mount namespace,
>>          shared mounts are reduced to slave mounts. (Shared
>>          and slave mounts are discussed below.) This ensures
>>          that mappings performed in less privileged mount
>>          namespaces will not propagate to more privileged mount
>>          namespaces.
>>
>> There's one point in that description that troubles me. There is a
>> reference to "parent mount namespace", but as I understand things
>> there is no parental relationship among mount namespace instances
>> (or am I wrong?). Should that wording not be rather something
>> like "the mount namespace of the process that created this mount
>> namespace"?
>
> How about "the mount namespace this mount namespace started as a copy of"
>
> You are absolutely correct there is no relationship between mount
> namespaces. There is just the propagation tree between mounts. (Which
> acts similarly to a parent/child relationship but is not at all the same
> thing).

Thanks. I made the text as follows:

       * Each mount namespace has an owner user namespace. As noted
         above, when a new mount namespace is created, it inherits a
         copy of the mount points from the mount namespace of the
         process that created the new mount namespace. If the two
         mount namespaces are owned by different user namespaces,
         then the new mount namespace is considered less privileged.

Cheers,

Michael

-- 
Michael Kerrisk
Linux man-pages maintainer; http://www.kernel.org/doc/man-pages/
Linux/UNIX System Programming Training: http://man7.org/training/
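As an added illustration of the behaviour Eric describes (this is not code from the thread or from the man page), the following C program, assuming Linux with unprivileged user namespaces enabled, classifies each mount in /proc/self/mountinfo by its propagation type and then creates a new user and mount namespace, so the mounts that were "shared" beforehand can be seen as slaves afterwards, the implicit MS_SLAVE | MS_REC at work:

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
/* Classify one /proc/self/mountinfo line by propagation type. The optional
 * fields sit between the mount options and the " - " separator: "shared:N"
 * marks a shared peer group, "master:N" a slave of peer group N. */
const char *propagation_type(const char *line)
{
    const char *sep = strstr(line, " - ");
    size_t n = sep ? (size_t)(sep - line) : strlen(line);
    char buf[4096];
    if (n >= sizeof buf) n = sizeof buf - 1;
    memcpy(buf, line, n);
    buf[n] = '\0';
    int shared = strstr(buf, " shared:") != NULL;
    int master = strstr(buf, " master:") != NULL;
    if (shared && master) return "shared+slave"; /* slave with its own peers */
    if (master) return "slave";
    if (shared) return "shared";
    if (strstr(buf, " unbindable")) return "unbindable";
    return "private";
}
/* Count the mounts of one propagation type in the caller's mount namespace. */
int count_mounts_of_type(const char *type)
{
    FILE *f = fopen("/proc/self/mountinfo", "r");
    char line[4096];
    int count = 0;
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (strcmp(propagation_type(line), type) == 0) count++;
    fclose(f);
    return count;
}
/* Mounts inherited from the initial namespace are usually shared; after
 * unshare(CLONE_NEWUSER | CLONE_NEWNS) the same mounts appear as slaves. */
int main(void)
{
    printf("before: %d shared, %d slave\n",
           count_mounts_of_type("shared"), count_mounts_of_type("slave"));
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1) {
        perror("unshare(CLONE_NEWUSER | CLONE_NEWNS)");
        return 1;
    }
    printf("after:  %d shared, %d slave\n",
           count_mounts_of_type("shared"), count_mounts_of_type("slave"));
    return 0;
}
```

Run it as an unprivileged user on a host whose root mount is shared; the "after" line shows the shared count dropping to zero and the slave count rising by the same amount, which is the check to run when verifying that mounts made inside a container cannot propagate back to the host.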