I found this while writing a simple sandbox. Script to reproduce: https://gist.github.com/iceb0y/93e77e6945019d8a863b452e18a18079
In the `bugbox`: bugbox-4.3$ ls bin (you get the files in /bin) however bugbox-4.3$ ls ../bin (nothing) Tried with latest 4.11 kernel. The problem occurs when you bind mount `/` to itself, and then remount it. Looks like one of the mount namespace, bind mount or pivot_root is mishandling root barrier, causing `../bin` referencing to the `bin` directory instead of the bind mount. This could be a security problem. Any idea on what's the problem, or how to debug this? * Dependencies of `bugbox`: python 2 or 3 the `butter` package for syscall (sorry) /bin /lib and /lib64 on your system are real, not symlinks
