Allocating file descriptors for the is_subset check is completely unnecessary. We can just do a basic faccessat(2) check -- the paths we care about are very basic and we only care if they exist at all and not their contents or what they point to.
In addition, because we check /proc/1 and /proc/stat, using faccessat(2) will avoid us thinking that /proc is a subset if something has overmounted /proc/stat (technically is a subset but that's just a game of whack-a-mole we can't win).
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
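The existence-only probe described in the commit message, as an added example that is not part of the commit or the project's code. The names `looks_like_subset` and `probe_fixture`, the rule that any missing probe path means "subset", the use of `AT_SYMLINK_NOFOLLOW`, and the temporary directory standing in for a procfs root are all assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Probe paths named in the commit message, relative to the procfs root fd. */
static const char *const PROBES[] = { "1", "stat" };

/* Returns 1 if a probe is missing (treated as "subset": an assumption of this
 * example), 0 if every probe exists, -1 on any other error. No fd is opened. */
int looks_like_subset(int dirfd)
{
    for (size_t i = 0; i < sizeof(PROBES) / sizeof(PROBES[0]); i++) {
        /* F_OK: existence only. AT_SYMLINK_NOFOLLOW: never resolve a target. */
        if (faccessat(dirfd, PROBES[i], F_OK, AT_SYMLINK_NOFOLLOW) == 0)
            continue;
        return errno == ENOENT ? 1 : -1;
    }
    return 0;
}

/* Constructed stand-in for a procfs root: "1/" present, "stat" on request. */
int probe_fixture(int with_stat)
{
    char tmpl[] = "/tmp/subset-demo-XXXXXX";
    if (!mkdtemp(tmpl))
        return -1;
    int dirfd = open(tmpl, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (dirfd < 0)
        return -1;
    mkdirat(dirfd, "1", 0755);
    /* A dangling symlink still counts: only the name's existence is tested. */
    if (with_stat)
        symlinkat("/nonexistent-target", dirfd, "stat");
    int res = looks_like_subset(dirfd);
    unlinkat(dirfd, "stat", 0);            /* cleanup; may fail harmlessly */
    unlinkat(dirfd, "1", AT_REMOVEDIR);
    close(dirfd);
    rmdir(tmpl);
    return res;
}

int main(void)
{
    printf("full=%d subset=%d\n", probe_fixture(1), probe_fixture(0));
    return 0;
}
```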