On 2019-11-13, Al Viro wrote:
> On Wed, Nov 13, 2019 at 01:44:14PM +1100, Aleksa Sarai wrote:
> > On 2019-11-13, Al Viro wrote:
> > > On Tue, Nov 05, 2019 at 08:05:49PM +1100, Aleksa Sarai wrote:
> > >
> > > > @@ -2277,12 +2277,20 @@ static const char *path_init(struct nameidata
> > > > *nd,
On Wed, Nov 13, 2019 at 01:44:14PM +1100, Aleksa Sarai wrote:
> On 2019-11-13, Al Viro wrote:
> > On Tue, Nov 05, 2019 at 08:05:49PM +1100, Aleksa Sarai wrote:
> >
> > > @@ -2277,12 +2277,20 @@ static const char *path_init(struct nameidata
> > > *nd, unsigned flags)
> > >
> > > nd->m_seq =
On 2019-11-13, Al Viro wrote:
> On Tue, Nov 05, 2019 at 08:05:49PM +1100, Aleksa Sarai wrote:
>
> > @@ -2277,12 +2277,20 @@ static const char *path_init(struct nameidata *nd,
> > unsigned flags)
> >
> > nd->m_seq = read_seqbegin(_lock);
> >
> > - /* Figure out the starting path and
On Tue, Nov 05, 2019 at 08:05:49PM +1100, Aleksa Sarai wrote:
> @@ -2277,12 +2277,20 @@ static const char *path_init(struct nameidata *nd,
> unsigned flags)
>
> nd->m_seq = read_seqbegin(_lock);
>
> - /* Figure out the starting path and root (if needed). */
> - if (*s == '/') {
/* Background. */
Container runtimes or other administrative management processes will
often interact with root filesystems while in the host mount namespace,
because the cost of doing a chroot(2) on every operation is too
prohibitive (especially in Go, which cannot safely use vfork). However,
a