hooks_ct.c: bind-mount root to itself

Bind-mount container root into itself after entering user namespace,
since kernel v3.11-rc3.

Here is a workaround for the following kernel commit:

    commit 5ff9d8a65ce80efb509ce4e8051394e9ed2cd942
    Author: Eric W. Biederman <ebiederm@xmission.com>
    Date: Fri Mar 29 21:04:39 2013 -0700

        vfs: Lock in place mounts from more privileged users

        When creating a less privileged mount namespace or propagating mounts
        from a more privileged to a less privileged mount namespace lock the
        submounts so they may not be unmounted individually in the child mount
        namespace revealing what is under them.

        This enforces the reasonable expectation that it is not possible to
        see under a mount point.

    ...

Signed-off-by: Andrey Vagin <avagin@openvz.org>
Acked-by: Kir Kolyshkin <kir@openvz.org>
1 file changed