
I'm wondering if devtmpfs is special with respect to namespaces.

Here's my system info (using Vagrant for testing)

vagrant@ubuntu-xenial:~/test$ uname -a
Linux ubuntu-xenial 4.4.0-135-generic #161-Ubuntu SMP Mon Aug 27 10:45:01 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

A basic demonstration explains best:

vagrant@ubuntu-xenial:~/test$ unshare --ipc --uts --user --mount --fork --pid --net --map-root-user
root@ubuntu-xenial:~/test# mkdir proc
root@ubuntu-xenial:~/test# mkdir sys
root@ubuntu-xenial:~/test# mount -t proc proc ./proc/
root@ubuntu-xenial:~/test# mount -t sysfs sysfs ./sys/
root@ubuntu-xenial:~/test# mkdir dev
root@ubuntu-xenial:~/test# mount -t devtmpfs devtmpfs ./dev/
mount: permission denied
root@ubuntu-xenial:~/test# exit
logout

I have the rights to mount proc and sys, but not a devtmpfs?

A tmpfs works, though (also run with the same unshare command)

root@ubuntu-xenial:~/test# mount -t tmpfs tmpfs ./dev/ 

EDIT2: Moved previous edit to an answer based on sourcejedi's feedback.


1 Answer


I believe it is related to the file system flag FS_USERNS_MOUNT (https://lwn.net/Articles/652468/).

A quick grep of the kernel seems to indicate it's not set for devtmpfs: livegrep.com results

If someone has a better answer I'd be happy to accept it instead!
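The experiment from the question, as an added shell script that is not part of the thread above: it probes each filesystem type inside a throwaway namespace set (the same unshare flags the question used) so the per-type result can be checked without touching the host mount table. It assumes util-linux unshare(1) and a kernel with unprivileged user namespaces enabled; the function names are my own.

```shell
#!/bin/sh
# Added example: probe which filesystem types an unprivileged user namespace
# may mount. The kernel's do_new_mount() refuses any file_system_type that
# lacks FS_USERNS_MOUNT when the mount namespace belongs to a non-initial
# user namespace, so devtmpfs is refused even though the caller is "root"
# inside the namespace, while proc, sysfs and tmpfs carry the flag and mount.
# Assumes util-linux unshare(1) and unprivileged user namespaces enabled.

# probe_userns_mount TYPE
#   returns 0 if TYPE mounts inside a fresh user namespace, 1 if the mount
#   is refused (EPERM) or the namespace could not be created at all.
# The namespace set matches the question's unshare invocation: proc needs
# its own pid namespace and sysfs its own net namespace to be mountable.
# The mount lives only in the throwaway mount namespace and is undone
# before returning, so nothing remains on the host.
probe_userns_mount() {
    unshare --ipc --uts --user --mount --fork --pid --net --map-root-user \
        sh -c '
            d=$(mktemp -d) || exit 1
            if mount -t "$1" "$1" "$d" 2>/dev/null; then
                umount "$d"; rmdir "$d"; exit 0
            fi
            rmdir "$d"; exit 1
        ' probe "$1" 2>/dev/null
}

# userns_mount_report TYPE...
#   prints one "TYPE allowed" or "TYPE denied" line per argument.
userns_mount_report() {
    for fstype in "$@"; do
        if probe_userns_mount "$fstype"; then
            echo "$fstype allowed"
        else
            echo "$fstype denied"
        fi
    done
}

# On the questioner's 4.4 kernel (and current ones) devtmpfs is the only
# one of these four that is denied.
userns_mount_report proc sysfs tmpfs devtmpfs
```

Where the report shows "denied" for every type, user namespaces themselves are unavailable (kernel.unprivileged_userns_clone=0, a seccomp or AppArmor policy), which is worth ruling out before blaming the filesystem flag.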
