On Wed, 3 Sept 2025 at 19:49, Darrick J. Wong <djwong@xxxxxxxxxx> wrote: > > mn Wed, Sep 03, 2025 at 05:45:27PM +0200, Miklos Szeredi wrote: > > Thinking about blocking umount: if we did this in a private user/mount > > ns, then it wouldn't be a problem. But how can we be sure? Is > > checking sb->s_user_ns != &init_user_ns sufficient? > > I'm not sure we can -- what if you mount a filesystem in a private mount > ns, but then some supervisor process adds another mount to the same sb > in the init_user_ns? Right. What I don't see is whether this scenario happens in real life or not. But I guess if something can be done it will be done, sooner or later, so better not tempt fate. Thanks, Miklos > > --D > > > Thanks, > > Miklos > >
