On Jun 6, 2019, at 3:38 PM, David Howells [off-list ref] wrote:

Andy Lutomirski [off-list ref] wrote:

quoted

I mean: are there cases where some action generates a notification but does
not otherwise have an effect visible to the users who can receive the
notification. It looks like the answer is probably “no”, which is good.

mount_notify().  You can get a notification that someone altered the mount
topology (eg. by mounting something).  A process receiving a notification
could then use fsinfo(), say, to reread the mount topology tree, find out
where the new mount is and wander over there to have a look - assuming they
have the permissions for pathwalk to succeed.

They can call fsinfo() anyway, or just read /proc/self/mounts. As far as I’m concerned, if you have CAP_SYS_ADMIN over a mount namespace and LSM policy lets you mount things, the of course you can get information to basically anyone who can use that mount namespace.