Comment 35 for bug 1476662

Serge Hallyn (serge-hallyn) wrote :

@roma-fiedler,

I think what you describe is what my last patch was doing. The problem is we need to be able to mount files onto paths which we can't open (i.e. /proc/sysrq-trigger). In that case I can't see a way to make sure that the path is not changed between our last check of it and the mount onto it.

Failing any good solution to that, I intend to switch out all that code in favor of code which just does the mount, then checks realpath() results to make sure the target ended up in the container directory. Since we are in a MS_SLAVE remounted rootfs in a private mntns, there shouldn't be any downsides to that approach. Feedback very much appreciated.
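
The mount-then-verify approach proposed in the comment above, sketched as an added example; it is not LXC's code and not part of the thread. The names `resolves_under`, `bind_mount_checked` and `demo`, and the temporary directory layout, are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if path resolves to rootfs or below it, 0 if elsewhere, -1 on error. */
int resolves_under(const char *rootfs, const char *path)
{
    char root[PATH_MAX], real[PATH_MAX];

    if (!realpath(rootfs, root) || !realpath(path, real))
        return -1;
    size_t n = strlen(root);
    /* Component boundary: /c/rootfs-x must not pass as being under /c/rootfs. */
    return n == 1 || (!strncmp(real, root, n) && (real[n] == '/' || !real[n]));
}

/* Hypothetical helper: mount first, then check where it landed. Needs
 * CAP_SYS_ADMIN; assumes the caller is already in a private mount namespace. */
int bind_mount_checked(const char *rootfs, const char *src, const char *target)
{
    if (mount(src, target, NULL, MS_BIND, NULL) < 0)
        return -1;
    if (resolves_under(rootfs, target) == 1)
        return 0;
    umount2(target, MNT_DETACH); /* landed outside the container: undo */
    return -1;
}

/* Constructed fixture: rootfs/ok is a directory, rootfs/evil is a symlink to
 * a sibling "host" directory. Returns resolves_under() for rootfs/<name>. */
int demo(const char *name)
{
    char base[] = "/tmp/mntchkXXXXXX";
    char root[64], host[64], ok[80], evil[80], p[256];

    if (!mkdtemp(base))
        return -1;
    snprintf(root, sizeof root, "%s/rootfs", base);
    snprintf(host, sizeof host, "%s/host", base);
    snprintf(ok, sizeof ok, "%s/ok", root);
    snprintf(evil, sizeof evil, "%s/evil", root);
    if (mkdir(root, 0700) || mkdir(host, 0700) || mkdir(ok, 0700) || symlink(host, evil))
        return -1;
    snprintf(p, sizeof p, "%s/%s", root, name);
    return resolves_under(root, p);
}
```

`realpath()` only needs to traverse and read links, so the check also works for targets that cannot be opened, which is the case the comment raises.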