aboutsummaryrefslogtreecommitdiff
path: root/Documentation/gcov.txt
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2013-03-13 11:51:49 -0700
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-03-14 11:26:37 -0700
commit364709ddeaaec519bc9014b05474aa071f3afc6f (patch)
treec9e4dbffa6b7b1b32c78b11be03fa8259893f222 /Documentation/gcov.txt
parentf7322a37359d76075db32f826ce5c2c473391a5a (diff)
userns: Don't allow CLONE_NEWUSER | CLONE_FS
commit e66eded8309ebf679d3d3c1f5820d1f2ca332c71 upstream. Don't allowing sharing the root directory with processes in a different user namespace. There doesn't seem to be any point, and to allow it would require the overhead of putting a user namespace reference in fs_struct (for permission checks) and incrementing that reference count on practically every call to fork. So just perform the inexpensive test of forbidding sharing fs_struct acrosss processes in different user namespaces. We already disallow other forms of threading when unsharing a user namespace so this should be no real burden in practice. This updates setns, clone, and unshare to disallow multiple user namespaces sharing an fs_struct. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'Documentation/gcov.txt')
0 files changed, 0 insertions, 0 deletions