Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp132602ybp; Tue, 8 Oct 2019 15:20:43 -0700 (PDT) X-Google-Smtp-Source: APXvYqzL6tnsNik4tyHrsjL5CvJ+zPCopu6epRqoDskdP8KcyZ3EBcpKabVghjTDocNiFKcRJ/XL X-Received: by 2002:a05:6402:1252:: with SMTP id l18mr305922edw.64.1570573243664; Tue, 08 Oct 2019 15:20:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570573243; cv=none; d=google.com; s=arc-20160816; b=jBnycGLVRZF6ET6fKnai/HEq4WChd9KCcMsOZKemF+MVhJ52/p9jssO8W+1a6VCwJm ZLwBlcfVPWal1wuo7LCIuiOM9zXF2aKofcnvGBj+6B9YAuhNkwp3bojzCJBtkPP7dtZ/ DWoVzeZStIGfl1482528qael1xb/YtntjY1RB59DMgEmyPSGQmOmYhqRFLM9vjcZMvvv L+3Mp8ljdOi780EaWbaUB9XzMob2dHqaHDNenuG/gy1iUt04pgjjAGY67Zv1y7IAhllL UoG2I6f4UzB931mRLgokqDTo2X2y3DGW7Yk1sM5qYJiVmV3DEtkrPx/dHos0wuHy18qY TWnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:content-transfer-encoding :mime-version:user-agent:message-id:in-reply-to:date:references:cc :to:from; bh=uaHlfZdt88alSG5wqJiwAHWgifYYB3y+8Bp5dToah/s=; b=cWk0/K3aU8AUOBRLVvs4Bmgz4ukrSri2IxESwyjTF46qYadwltfQjKA/JWoA1/EDju l7U9YmTODpvt49iNH84rCIlHnyyJLMBrYXOaye5yx60ooqy33qRQXWy9d0vn/wUiKpoy sku/gZC/hGRtgeBfeSzx7ulODzwDOKvyry6TZbipBETs1VbgI9FKtWkZl25R4Ki3nxk3 KYkWndugOVAB9NBJ285uT8bnYG1LoBNhcIkhqJlpJM5qmPI8lRaGfe8x2X5jL5MeINra nOnMekjvBonPUMQ84RXQrn56OJaGLcn1ukDfOW/LyCGRxqk97exbXf/yEFdxqIeHyHgc nt8g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s1si107139ejf.305.2019.10.08.15.20.19; Tue, 08 Oct 2019 15:20:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726579AbfJHWRv convert rfc822-to-8bit (ORCPT + 99 others); Tue, 8 Oct 2019 18:17:51 -0400 Received: from out02.mta.xmission.com ([166.70.13.232]:37296 "EHLO out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725848AbfJHWRu (ORCPT ); Tue, 8 Oct 2019 18:17:50 -0400 Received: from in02.mta.xmission.com ([166.70.13.52]) by out02.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1iHxnd-00043w-QM; Tue, 08 Oct 2019 16:17:45 -0600 Received: from ip68-227-160-95.om.om.cox.net ([68.227.160.95] helo=x220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from ) id 1iHxnc-0000qU-Ss; Tue, 08 Oct 2019 16:17:45 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: "Michael Kerrisk \(man-pages\)" Cc: Christian Brauner , linux-man , Containers , lkml , Andy Lutomirski , Jordan Ogas , werner@almesberger.net, Al Viro References: <3a96c631-6595-b75e-f6a7-db703bf89bcf@gmail.com> <87r24piwhm.fsf@x220.int.ebiederm.org> <87ftl5donm.fsf@x220.int.ebiederm.org> <20190910111551.scam5payogqqvlri@wittgenstein> <30545c5c-ff4c-8b87-e591-40cc0a631304@gmail.com> <871rwnda47.fsf@x220.int.ebiederm.org> <448138b8-0d0c-5eb3-d5e5-04a26912d3a8@gmail.com> <87ef0hbezt.fsf@x220.int.ebiederm.org> <71cad40b-0f9f-24de-b650-8bc4fce78fa8@gmail.com> <87y2y6j9i1.fsf@x220.int.ebiederm.org> <7e4b23df-ab83-3d5a-3dc5-54025e3682cf@gmail.com> <87k19geey0.fsf@x220.int.ebiederm.org> <87eeznc9fc.fsf@x220.int.ebiederm.org> <08d2b28b-21cc-e304-f624-bb5bc4ee98f4@gmail.com> Date: Tue, 08 Oct 2019 17:16:59 -0500 In-Reply-To: <08d2b28b-21cc-e304-f624-bb5bc4ee98f4@gmail.com> (Michael Kerrisk's message of "Tue, 8 Oct 2019 23:40:25 +0200") Message-ID: <878spudgro.fsf@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT X-XM-SPF: eid=1iHxnc-0000qU-Ss;;;mid=<878spudgro.fsf@x220.int.ebiederm.org>;;;hst=in02.mta.xmission.com;;;ip=68.227.160.95;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19VZR+ZDUtWFS7hknLL9o6/ui3Vkkwy7Rg= X-SA-Exim-Connect-IP: 68.227.160.95 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on sa07.xmission.com X-Spam-Level: X-Spam-Status: No, score=-1.0 required=8.0 tests=ALL_TRUSTED,BAYES_20, DCC_CHECK_NEGATIVE,T_TM2_M_HEADER_IN_MSG,T_TooManySym_01, T_TooManySym_02,XM_B_Unicode autolearn=disabled version=3.4.2 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * -0.0 BAYES_20 BODY: Bayes spam probability is 5 to 20% * [score: 0.1993] * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * 0.0 XM_B_Unicode BODY: Testing for specific types of unicode * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa07 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_02 5+ unique symbols in subject * 0.0 T_TooManySym_01 4+ unique symbols in subject X-Spam-DCC: XMission; sa07 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;"Michael Kerrisk \(man-pages\)" X-Spam-Relay-Country: X-Spam-Timing: total 514 ms - load_scoreonly_sql: 0.06 (0.0%), signal_user_changed: 3.1 (0.6%), b_tie_ro: 2.1 (0.4%), parse: 1.46 (0.3%), extract_message_metadata: 7 (1.3%), get_uri_detail_list: 3.4 (0.7%), tests_pri_-1000: 4.1 (0.8%), tests_pri_-950: 1.33 (0.3%), tests_pri_-900: 1.10 (0.2%), tests_pri_-90: 34 (6.7%), check_bayes: 33 (6.4%), b_tokenize: 10 (1.9%), b_tok_get_all: 13 (2.6%), b_comp_prob: 3.3 (0.6%), b_tok_touch_all: 3.9 (0.8%), b_finish: 0.74 (0.1%), tests_pri_0: 443 (86.1%), check_dkim_signature: 0.69 (0.1%), check_dkim_adsp: 2.3 (0.4%), poll_dns_idle: 0.69 (0.1%), tests_pri_10: 2.2 (0.4%), tests_pri_500: 8 (1.5%), rewrite_mail: 0.00 (0.0%) Subject: Re: pivot_root(".", ".") and the fchdir() dance X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org "Michael Kerrisk (man-pages)" writes: > On 10/8/19 9:40 PM, Eric W. Biederman wrote: >> "Michael Kerrisk (man-pages)" writes: >> >>> Hello Eric, >>> >>>>>> Creating of a mount namespace in a user namespace automatically does >>>>>> 'mount("", "/", MS_SLAVE | MS_REC, NULL);' if the starting mount >>>>>> namespace was not created in that user namespace. AKA creating >>>>>> a mount namespace in a user namespace does the unshare for you. >>>>> >>>>> Oh -- I had forgotten that detail. But it is documented >>>>> (by you, I think) in mount_namespaces(7): >>>>> >>>>> * A mount namespace has an owner user namespace. A >>>>> mount namespace whose owner user namespace is differ‐ >>>>> ent from the owner user namespace of its parent mount >>>>> namespace is considered a less privileged mount names‐ >>>>> pace. >>>>> >>>>> * When creating a less privileged mount namespace, >>>>> shared mounts are reduced to slave mounts. (Shared >>>>> and slave mounts are discussed below.) This ensures >>>>> that mappings performed in less privileged mount >>>>> namespaces will not propagate to more privileged mount >>>>> namespaces. >>>>> >>>>> There's one point that description that troubles me. There is a >>>>> reference to "parent mount namespace", but as I understand things >>>>> there is no parental relationship among mount namespaces instances >>>>> (or am I wrong?). Should that wording not be rather something >>>>> like "the mount namespace of the process that created this mount >>>>> namespace"? >>>> >>>> How about "the mount namespace this mount namespace started as a copy of" >>>> >>>> You are absolutely correct there is no relationship between mount >>>> namespaces. There is just the propagation tree between mounts. (Which >>>> acts similarly to a parent/child relationship but is not at all the same >>>> thing). >>> >>> Thanks. I made the text as follows: >>> >>> * Each mount namespace has an owner user namespace. As noted >>> above, when a new mount namespace is created, it inherits a >>> copy of the mount points from the mount namespace of the >>> process that created the new mount namespace. If the two mount >>> namespaces are owned by different user namespaces, then the new >>> mount namespace is considered less privileged. >> >> I hate to nitpick, > > I love it when you nitpick. Thanks for your attention to the details > of my wording. > >> but I am going to say that when I read the text above >> the phrase "mount namespace of the process that created the new mount >> namespace" feels wrong. >> >> Either you use unshare(2) and the mount namespace of the process that >> created the mount namespace changes. >> >> Or you use clone(2) and you could argue it is the new child that created >> the mount namespace. >> >> Having a different mount namespace at the end of the creation operation >> feels like it makes your phrase confusing about what the starting >> mount namespace is. I hate to use references that are ambiguous when >> things are changing. >> >> I agree that the term parent is also wrong. > > I see what you mean. My wording is imprecise. > > So, I tweaked text earlier in the page so that it now reads > as follows: > > A new mount namespace is created using either clone(2) or > unshare(2) with the CLONE_NEWNS flag. When a new mount namespace > is created, its mount point list is initialized as follows: > > * If the namespace is created using clone(2), the mount point > list of the child's namespace is a copy of the mount point list > in the parent's namespace. > > * If the namespace is created using unshare(2), the mount point > list of the new namespace is a copy of the mount point list in > the caller's previous mount namespace. > > And then I tweaked the text that we are currently discussing to read: > > * Each mount namespace has an owner user namespace. As explained > above, when a new mount namespace is created, its mount point > list is initialized as a copy of the mount point list of > another mount namespace. If the new namespaces and the names‐ > pace from which the mount point list was copied are owned by > different user namespaces, then the new mount namespace is con‐ > sidered less privileged. > > How does this look to you now? Much better thank you. Eric