kernel/fork.c: add comment about usage of CLONE_FS flags and namespaces

All other places that deals with namespaces have an explanation of why the restriction is there. The description added in this commit was based on commit e66eded ("userns: Don't allow CLONE_NEWUSER | CLONE_FS"). Link: http://lkml.kernel.org/r/[email protected] Signed-off-by: Marcos Paulo de Souza <[email protected]> Cc: "Eric W. Biederman" <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
niw · Feb 7, 2018 · 667b609 · 667b609
1 parent 9f5325a
commit 667b609
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/kernel/fork.c b/kernel/fork.c
@@ -1587,6 +1587,10 @@ static __latent_entropy struct task_struct *copy_process(
 	int retval;
 	struct task_struct *p;
 
+	/*
+	 * Don't allow sharing the root directory with processes in a different
+	 * namespace
+	 */
 	if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
 		return ERR_PTR(-EINVAL);