Control: tag -1 moreinfo

On Sun, 2016-10-16 at 21:33 -0300, Dato Simó wrote:
> Package: linux-image-3.16.0-4-amd64
> Version: 3.16.7-ckt17-1
>
> The upload to jessie of linux 3.16.7-ckt17-1 included the following
> change:
>
>   - mnt: Refactor the logic for mounting sysfs and proc in a user
>     namespace [1]
>
> This broke mounting sysfs and procfs under a user namespace.

It prevents mounting sysfs and procfs if they are not already mounted
somewhere else in the current mount namespace and fully visible.  So if
a container is set up with limited access (or no access) to one of
these filesystem types, nothing inside that container is allowed to
change that.

Did you rely on that being allowed?  Or are you mounting in some other
way that you think is wrongly being disallowed?

> There is a fix at [2] that claims to solve the problem.
[...]

No, it claims to make the test slightly stricter.

Ben.

-- 
Ben Hutchings
No political challenge can be met by shopping. - George Monbiot
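Added example (not part of the original message and not kernel code): a sketch that approximates the "already mounted and fully visible" condition described above from the text of `/proc/<pid>/mountinfo`. It assumes an instance counts as fully visible when the filesystem's root is mounted and no other mount sits on top of it; the kernel's own test is not reproduced here, and the sample mount tables are constructed.

```python
# Approximation for auditing a container's mount namespace: does it hold a
# fully visible instance of procfs or sysfs? Assumption of this example:
# "fully visible" = whole filesystem mounted (root field "/") with no child
# mounts covering parts of it. The kernel's real check is not reproduced.

# Constructed sample: host-like namespace with plain /proc and /sys.
OPEN_NS = """\
20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
21 20 0:4 / /proc rw,nosuid,nodev,noexec - proc proc rw
22 20 0:17 / /sys rw,nosuid,nodev,noexec - sysfs sysfs rw
"""

# Constructed sample: restricted container. A tmpfs covers /proc/scsi and
# only a subdirectory of sysfs is bind-mounted.
RESTRICTED_NS = """\
30 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
31 30 0:4 / /proc rw,nosuid,nodev,noexec - proc proc rw
32 31 0:40 / /proc/scsi ro,relatime - tmpfs tmpfs ro
33 30 0:17 /fs/cgroup /sys/fs/cgroup ro,nosuid - sysfs sysfs rw
"""


def parse_mountinfo(text):
    """Parse mountinfo lines into dicts (fields per proc(5))."""
    mounts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # Optional fields end at the " - " separator; fstype follows it.
        left, right = line.split(" - ", 1)
        f = left.split()
        mounts.append({"id": f[0], "parent": f[1], "root": f[3],
                       "mountpoint": f[4], "fstype": right.split()[0]})
    return mounts


def fully_visible(mounts, fstype):
    """True if some mount of fstype exposes the whole fs with nothing over it."""
    for m in mounts:
        if m["fstype"] != fstype or m["root"] != "/":
            continue  # wrong type, or only a subtree is bind-mounted
        if any(c["parent"] == m["id"] for c in mounts):
            continue  # another mount hides part of this instance
        return True
    return False
```

On a live system, pass the contents of `/proc/self/mountinfo` read from inside the container to `parse_mountinfo`.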