Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp17231508ybl; Thu, 2 Jan 2020 01:10:45 -0800 (PST) X-Google-Smtp-Source: APXvYqxOuf6Wb4Fs5Z9rrLcdjJjdW56LCdqMWeqGQr4Q2eHYVec+4Kvqc6Hf9j1D2urctHa2pABe X-Received: by 2002:a05:6830:2361:: with SMTP id r1mr85285152oth.88.1577956244785; Thu, 02 Jan 2020 01:10:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1577956244; cv=none; d=google.com; s=arc-20160816; b=BnHrzgKVwoJ4QhTIhatpPIT4Wlo9HopZIhvztjkbsZueCk8CGTJmSnnBUgcOTQkWmh YqcA2BNk/Q5+d2kHOzdLT8hiVuzd03VGud+SMJfepXMZLxROGKlFOkx4pYq4HJS4cVDb +JTiu5ZIKVCqCBTCAEUtayFu7/gFq6CA0wF9CT1tldwg3wVCI8pk3XPQrcNvyA1CX/s6 sQ890rb5WdDUxYiAOsIg3qj/GxckwEmhzCdOAfwDWEwMkXVVvxQggwBahcdghuRNJGRs +Py0UwAILi4dcQ+o5bpZStf6Ltk6CBCJeZH2ZJMyByyljRJdwO+0YZQiiV11S4/GcJjm 7I5Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=KSdaunrtv8LrrXdyj5GOk2mX8YAbfwHN+L/PnRinr90=; b=lRdFSAdMFZwVDSSTqgYrCGTK7/PFjVno9Q2yOKaPIPXNXfwpj2DVy6SffZwnuZYzhm oj91M8nindeccL0TcTNrvYOldMn7tvIlm3k70iNxEexqrfI8kdi9Am8Cr+YhucOATmuC AhG2iHvsnuvbfTRNWO1jr26vkIpjn+SIZJFkn3RvDdhYjDQVQ097PSdypaReoFhJLEJp 45Rdgz8iJzF8ybGHj+2HQPpQcAP4iJx3M7VF7dzibfa+iKhMkqEuyZJ2VGjT2JJLJkYS lKBbbT1YzSSMjD2lQobMTnmfOKFJmCOLWildhBdLcpjyxGajXmFkZFNjNLX37cGDzc3g PLPg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m5si26787048ote.187.2020.01.02.01.10.32; Thu, 02 Jan 2020 01:10:44 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727927AbgABJJv (ORCPT + 99 others); Thu, 2 Jan 2020 04:09:51 -0500 Received: from mout-p-201.mailbox.org ([80.241.56.171]:20516 "EHLO mout-p-201.mailbox.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727801AbgABJJu (ORCPT ); Thu, 2 Jan 2020 04:09:50 -0500 Received: from smtp1.mailbox.org (smtp1.mailbox.org [80.241.60.240]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by mout-p-201.mailbox.org (Postfix) with ESMTPS id 47pMgJ3j5zzQlBc; Thu, 2 Jan 2020 10:09:48 +0100 (CET) X-Virus-Scanned: amavisd-new at heinlein-support.de Received: from smtp1.mailbox.org ([80.241.60.240]) by spamfilter01.heinlein-hosting.de (spamfilter01.heinlein-hosting.de [80.241.56.115]) (amavisd-new, port 10030) with ESMTP id froh9y1uxPey; Thu, 2 Jan 2020 10:09:43 +0100 (CET) Date: Thu, 2 Jan 2020 20:09:20 +1100 From: Aleksa Sarai To: David Laight Cc: Linus Torvalds , Al Viro , David Howells , Eric Biederman , stable , Christian Brauner , Serge Hallyn , "dev@opencontainers.org" , Linux Containers , Linux API , linux-fsdevel , Linux Kernel Mailing List Subject: Re: [PATCH RFC 0/1] mount: universally disallow mounting over symlinks Message-ID: <20200102090920.gmvq45gqopbzmrgk@yavin.dot.cyphar.com> References: <20191230052036.8765-1-cyphar@cyphar.com> <20191230054413.GX4203@ZenIV.linux.org.uk> <20191230054913.c5avdjqbygtur2l7@yavin.dot.cyphar.com> <20191230072959.62kcojxpthhdwmfa@yavin.dot.cyphar.com> <20191230083224.sbk2jspqmup43obs@yavin.dot.cyphar.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="aavym7oejblostsf" Content-Disposition: inline In-Reply-To: Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --aavym7oejblostsf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2020-01-02, David Laight wrote: > From: Aleksa Sarai > > Sent: 30 December 2019 08:32 > ... > > I'm not sure I agree -- as I mentioned in my other mail, re-opening > > through /proc/self/fd/$n works *very* well and has for a long time (in > > fact, both LXC and runc depend on this working). >=20 > I thought it was marginally broken because it is followed as a symlink? > On, for example, NetBSD /proc//fd/ is a real reference to the > filesystem inode and can be used to link the file back into the filesystem > if all the directory entries have been removed. That is also the case on Linux. It (strictly speaking) isn't a symlink in the normal sense of the word, it's a magic-link (nd_jump_link switches the nd->path to the actual 'struct file' in the case of /proc/self/fd/$n). --=20 Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH --aavym7oejblostsf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQSxZm6dtfE8gxLLfYqdlLljIbnQEgUCXg2zPQAKCRCdlLljIbnQ EvDUAQD/miJLSU0UGR24uJ4vorUDe6zn8CWjBhcDBgK2ejycbgD/RUnnLLzg2tDG DxDaMXQZ+/wUmmG8jNkAC1kHBVf3PAY= =PoFx -----END PGP SIGNATURE----- --aavym7oejblostsf--