containerd / go-runc

runc bindings for Go
Apache License 2.0
162 stars 73 forks

Remove fchown and uid, gid on pipes #18

Closed justincormack closed 7 years ago

justincormack commented 7 years ago

This makes no sense: open file descriptors do not have ownership; they can be accessed by anyone who has the file descriptor. These anonymous pipes cannot be bound into the filesystem.

On Linux this happens to succeed and do nothing; POSIX also allows it to fail.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>

crosbymichael commented 7 years ago

Are you sure? This is this way for user namespaces to work.

justincormack commented 7 years ago

Hmm, so is that via the ownership of the /proc/self/fd files? Let me check. Otherwise I will make the fchown Linux only.

crosbymichael commented 7 years ago

We just don't do things randomly, there is a reason to the madness ;)

justincormack commented 7 years ago

Well I wasn't trying to remove it randomly either ;) either way I will add a comment...

justincormack commented 7 years ago

Hmm, well fchown does not change the ownership of /proc/self/fd/nn either, so I still don't see how this could help in the userns case... Will try to test actually running a userns.

crosbymichael commented 7 years ago

LGTM