vfs: Don't copy mount bind mounts of /proc/<pid>/ns/mnt between namespaces

Don't copy bind mounts of /proc/<pid>/ns/mnt between namespaces. These files hold references to a mount namespace and copying them between namespaces could result in a reference counting loop. The current mnt_ns_loop test prevents loops on the assumption that mounts don't cross between namespaces. Unfortunately unsharing a mount namespace and shared substrees can both cause mounts to propogate between mount namespaces. Add two flags CL_COPY_UNBINDABLE and CL_COPY_MNT_NS_FILE are added to control this behavior, and CL_COPY_ALL is redefined as both of them. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2013-03-30 04:35:18 -0400
committer: Eric W. Biederman <ebiederm@xmission.com> 2013-08-26 21:42:15 -0400
commit: 4ce5d2b1a8fde84c0eebe70652cf28b9beda6b4e (patch)
tree: 08fa563457c4264fe48355e8d28c216c9a11664b /fs/pnode.h
parent: 21e851943e31022731cd5fad386ca8fb552dbe64 (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/fs/pnode.h b/fs/pnode.h
index b091445c1c4a..59e7eda1851e 100644
--- a/fs/pnode.h
+++ b/fs/pnode.h
@@ -19,11 +19,14 @@
 #define CL_EXPIRE               0x01
 #define CL_SLAVE                0x02
-#define CL_COPY_ALL             0x04
+#define CL_COPY_UNBINDABLE      0x04
 #define CL_MAKE_SHARED          0x08
 #define CL_PRIVATE              0x10
 #define CL_SHARED_TO_SLAVE      0x20
 #define CL_UNPRIVILEGED         0x40
+#define CL_COPY_MNT_NS_FILE     0x80
+#define CL_COPY_ALL             (CL_COPY_UNBINDABLE | CL_COPY_MNT_NS_FILE)
 static inline void set_mnt_shared(struct mount *mnt)
 {
author	Eric W. Biederman <ebiederm@xmission.com>	2013-03-30 04:35:18 -0400
committer	Eric W. Biederman <ebiederm@xmission.com>	2013-08-26 21:42:15 -0400
commit	4ce5d2b1a8fde84c0eebe70652cf28b9beda6b4e (patch)
tree	08fa563457c4264fe48355e8d28c216c9a11664b /fs/pnode.h
parent	21e851943e31022731cd5fad386ca8fb552dbe64 (diff)