diff options
author | Marcos Paulo de Souza <marcos.souza.org@gmail.com> | 2018-02-06 15:39:34 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-02-06 18:32:45 -0800 |
commit | 667b60946ef9b8375085c7b225229923c6f87308 (patch) | |
tree | 23584580585c649e5f8d7a4a629625d621b38e54 /kernel | |
parent | 9f5325aa37279d724e064d32a95e13231c0ade23 (diff) |
kernel/fork.c: add comment about usage of CLONE_FS flags and namespaces
All other places that deals with namespaces have an explanation of why
the restriction is there.
The description added in this commit was based on commit e66eded8309e
("userns: Don't allow CLONE_NEWUSER | CLONE_FS").
Link: http://lkml.kernel.org/r/20171112151637.13258-1-marcos.souza.org@gmail.com
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/fork.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/kernel/fork.c b/kernel/fork.c index 0d62524c6660..b9d857fe2a5c 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1587,6 +1587,10 @@ static __latent_entropy struct task_struct *copy_process( int retval; struct task_struct *p; + /* + * Don't allow sharing the root directory with processes in a different + * namespace + */ if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS)) return ERR_PTR(-EINVAL); |