kernel/fork.c: add comment about usage of CLONE_FS flags and namespaces
author Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Tue, 6 Feb 2018 23:39:34 +0000 (15:39 -0800)
committer Linus Torvalds <torvalds@linux-foundation.org>
Wed, 7 Feb 2018 02:32:45 +0000 (18:32 -0800)
All other places that deal with namespaces have an explanation of why
the restriction is there.

The description added in this commit was based on commit e66eded8309e
("userns: Don't allow CLONE_NEWUSER | CLONE_FS").

Link: http://lkml.kernel.org/r/20171112151637.13258-1-marcos.souza.org@gmail.com
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
kernel/fork.c

index 0d62524c66600310c3717d2c7f86a8e253b06d56..b9d857fe2a5c655374ff30b6c459994b9845b3fc 100644 (file)
@@ -1587,6 +1587,10 @@ static __latent_entropy struct task_struct *copy_process(
        int retval;
        struct task_struct *p;
 
+       /*
+        * Don't allow sharing the root directory with processes in a different
+        * namespace
+        */
        if ((clone_flags & (CLONE_NEWNS|CLONE_FS)) == (CLONE_NEWNS|CLONE_FS))
                return ERR_PTR(-EINVAL);
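Review bot: The added comment above the (CLONE_NEWNS|CLONE_FS) check says "a different namespace" without naming which one. Since the condition tests CLONE_NEWNS, "a different mount namespace" would keep it from being confused with the CLONE_NEWUSER | CLONE_FS restriction that the commit message cites as its model. CLONE_FS also shares the current working directory and umask, not only the root directory, so "sharing the root directory" understates what the flag covers; something like "sharing the root and working directory" would match the flag more closely. The comment sentence is also missing its final period.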