> I have not received an answer to my questions in the last version of this > patch > set. Also it would be good if I could be Cc'ed by default. I can't hunt down > all > patches. > I do not know of any kernel entity, specifically devices, that change > namespaces > on open(). > This seems like an invitation for all kinds of security bugs. > A device node belongs to one namespace only which is attached to the > underlying kobject. Opening the device should never change that. > Please look at how mqueue or shm are doing this. They don't change > namespaces on open either. > I have to say that is one of the main reasons why I disagree with that design. > >
If we must return the same context when every open in proc, we can only isolate binder with mnt namespace instead of ipc namespace, what do you think, Todd?
