-
由 Eric W. Biederman 提交于
Gao feng <gaofeng@cn.fujitsu.com> reported that commit e51db735 userns: Better restrictions on when proc and sysfs can be mounted caused a regression on mounting a new instance of proc in a mount namespace created with user namespace privileges, when binfmt_misc is mounted on /proc/sys/fs/binfmt_misc. This is an unintended regression caused by the absolutely bogus empty directory check in fs_fully_visible. The check fs_fully_visible replaced didn't even bother to attempt to verify proc was fully visible and hiding proc files with any kind of mount is rare. So for now fix the userspace regression by allowing directory with nlink == 1 as /proc/sys/fs/binfmt_misc has. I will have a better patch but it is not stable material, or last minute kernel material. So it will have to wait. Cc: stable@vger.kernel.org Acked-by: NSerge Hallyn <serge.hallyn@canonical.com> Acked-by: NGao feng <gaofeng@cn.fujitsu.com> Tested-by: NGao feng <gaofeng@cn.fujitsu.com> Signed-off-by: N"Eric W. Biederman" <ebiederm@xmission.com>
41301ae7