> On Jun 6, 2019, at 3:38 PM, David Howells <[email protected]> wrote:
>
> Andy Lutomirski <[email protected]> wrote:
>
>> I mean: are there cases where some action generates a notification but does
>> not otherwise have an effect visible to the users who can receive the
>> notification. It looks like the answer is probably “no”, which is good.
>
> mount_notify(). You can get a notification that someone altered the mount
> topology (eg. by mounting something). A process receiving a notification
> could then use fsinfo(), say, to reread the mount topology tree, find out
> where the new mount is and wander over there to have a look - assuming they
> have the permissions for pathwalk to succeed.
>
>
They can call fsinfo() anyway, or just read /proc/self/mounts. As far as I’m
concerned, if you have CAP_SYS_ADMIN over a mount namespace and LSM policy lets
you mount things, the of course you can get information to basically anyone who
can use that mount namespace.
