vfs: Only support slave subtrees across different user namespaces
Sharing mount subtress with mount namespaces created by unprivileged
users allows unprivileged mounts created by unprivileged users to
propagate to mount namespaces controlled by privileged users.
Prevent nasty consequences by changing shared subtrees to slave
subtress when an unprivileged users creates a new mount namespace.
Change-Id: Ib5bbe42b1b25bacfaa03a626ea317ebc4389cb71
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Git-commit: e45438489cf923585237e6c4326a36c2e348500e
Git-repo: https://android.googlesource.com/kernel/common/
[schikk@codeaurora.org: Resolved merge conflicts ]
CRs-Fixed: 901628
Signed-off-by: Swetha Chikkaboraiah <schikk@codeaurora.org>
2 files changed