From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Laight
Subject: RE: [PATCH RFC 0/1] mount: universally disallow mounting over symlinks
Date: Thu, 2 Jan 2020 08:58:09 +0000
Message-ID:
References: <20191230052036.8765-1-cyphar@cyphar.com> <20191230054413.GX4203@ZenIV.linux.org.uk> <20191230054913.c5avdjqbygtur2l7@yavin.dot.cyphar.com> <20191230072959.62kcojxpthhdwmfa@yavin.dot.cyphar.com> <20191230083224.sbk2jspqmup43obs@yavin.dot.cyphar.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Return-path:
In-Reply-To: <20191230083224.sbk2jspqmup43obs@yavin.dot.cyphar.com>
Content-Language: en-US
Sender: linux-kernel-owner@vger.kernel.org
To: 'Aleksa Sarai', Linus Torvalds
Cc: Al Viro, David Howells, Eric Biederman, stable, Christian Brauner, Serge Hallyn, "dev@opencontainers.org", Linux Containers, Linux API, linux-fsdevel, Linux Kernel Mailing List
List-Id: linux-api@vger.kernel.org

From: Aleksa Sarai
> Sent: 30 December 2019 08:32
...
> I'm not sure I agree -- as I mentioned in my other mail, re-opening
> through /proc/self/fd/$n works *very* well and has for a long time (in
> fact, both LXC and runc depend on this working).

I thought it was marginally broken because it is followed as a symlink?

On, for example, NetBSD /proc//fd/ is a real reference to the filesystem inode
and can be used to link the file back into the filesystem if all the directory
entries have been removed.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
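
The re-open through /proc/self/fd/$n discussed in this message, as an added Linux example that is not code from the thread or from LXC or runc: it takes an O_PATH handle, removes the file's only directory entry, then compares opening the text that readlink() reports with opening the procfs entry itself. The function names and the temporary file are hypothetical, and a mounted /proc is assumed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Re-open an existing descriptor (here an O_PATH handle) with new flags. */
int reopen_via_procfd(int fd, int flags)
{
    char link[64];
    snprintf(link, sizeof(link), "/proc/self/fd/%d", fd);
    return open(link, flags | O_CLOEXEC);
}

/* 0 = the re-open reached the original inode although its only name was gone. */
int demo_reopen_after_unlink(void)
{
    char path[] = "/tmp/procfd-demo-XXXXXX";      /* constructed sample file */
    char link[64], target[512], buf[16] = {0};
    struct stat a, b;
    int wfd = mkstemp(path);
    if (wfd < 0) return 1;
    ssize_t w = write(wfd, "payload", 7);
    close(wfd);
    int pfd = open(path, O_PATH | O_NOFOLLOW | O_CLOEXEC);
    unlink(path);                                 /* last directory entry removed */
    if (w != 7 || pfd < 0) { if (pfd >= 0) close(pfd); return 2; }

    /* The readlink() text only describes the target; as a path it is stale. */
    snprintf(link, sizeof(link), "/proc/self/fd/%d", pfd);
    ssize_t n = readlink(link, target, sizeof(target) - 1);
    if (n < 0) { close(pfd); return 3; }
    target[n] = '\0';
    int by_text = open(target, O_RDONLY | O_CLOEXEC);    /* expected to fail */
    if (by_text >= 0) { close(by_text); close(pfd); return 4; }

    /* Opening the procfs entry itself resolves to the inode the fd pins. */
    int rfd = reopen_via_procfd(pfd, O_RDONLY);
    if (rfd < 0) { close(pfd); return 5; }
    int rc = 0;
    if (fstat(pfd, &a) || fstat(rfd, &b) || a.st_dev != b.st_dev || a.st_ino != b.st_ino)
        rc = 6;
    else if (read(rfd, buf, sizeof(buf) - 1) != 7 || strcmp(buf, "payload"))
        rc = 7;
    close(rfd); close(pfd);
    return rc;
}

int main(void) { return demo_reopen_after_unlink(); }
```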