#1027833 user-mode-linux: hostfs directory traversal

Package:
user-mode-linux
Source:
user-mode-linux
Description:
User-mode Linux (kernel)
Submitter:
Jakub Wilk
Date:
2023-02-07 21:45:03 UTC
Severity:
normal
Tags:
#1027833#3
Date:
2023-01-03 21:28:15 UTC
From:
To:
The man page says that hostfs kernel param is "used to confine all
hostfs mounts to within the specified directory tree on the host". But
it's trivial to escape this confinement with ../ sequences:

   # mount none -t hostfs -o ../../../../../../../../home/bob/secrets /mnt

#1027833#8
Date:
2023-01-10 13:13:00 UTC
From:
To:
Hello Jakub,

Could you please share the kernel command line option passed to the
running uml instance?

#1027833#11
Date:
2023-01-11 17:39:57 UTC
From:
To:
* Ritesh Raj Sarraf <rrs@debian.org>, 2023-01-10 18:43:

I used something like this:

    $ linux hostfs=/srv/chroots/unstable-i386/ rootfstype=hostfs init=/bin/sh quiet
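
Added example, not part of the bug report and not hostfs code: a lexical check that a mount option joined to the `hostfs=` directory stays inside that directory, exercised with the two values quoted in this thread. It assumes the option is appended to the `hostfs=` directory; `normalize` and `hostfs_opt_confined` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>

/* Lexically normalise an absolute path: collapse "//", "." and "..".
 * ".." above "/" stays at "/". Returns 0, or -1 if out is too small. */
static int normalize(const char *in, char *out, size_t outsz)
{
    size_t len = 0;
    while (*in) {
        size_t n = strcspn(in, "/");     /* length of next component */
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 0 && out[--len] != '/')
                ;                        /* drop the last component */
        } else if (n > 0 && !(n == 1 && in[0] == '.')) {
            if (len + n + 2 > outsz)
                return -1;
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n + (in[n] == '/');
    }
    if (outsz < 2)
        return -1;
    if (len == 0)
        out[len++] = '/';
    out[len] = '\0';
    return 0;
}

/* Hypothetical check, not hostfs code. Assumes the mount option is appended
 * to the hostfs= directory. Returns 1 if the result stays inside root, 0 if
 * it escapes, -1 if a path is too long. Lexical only: no symlink handling. */
int hostfs_opt_confined(const char *root, const char *opt)
{
    char joined[4096], nroot[4096], npath[4096];
    size_t rl;

    if (snprintf(joined, sizeof joined, "%s/%s", root, opt) >= (int)sizeof joined)
        return -1;
    if (normalize(root, nroot, sizeof nroot) || normalize(joined, npath, sizeof npath))
        return -1;
    rl = strlen(nroot);
    if (rl == 1)
        return 1;                        /* root is "/" */
    /* match on a component boundary so /srv/a does not cover /srv/ab */
    return strncmp(npath, nroot, rl) == 0 && (npath[rl] == '/' || npath[rl] == '\0');
}
```

With the root and option from this thread the joined path normalises to `/home/bob/secrets`, so the check returns 0. A check on a live filesystem also has to resolve symlinks before comparing, which this lexical version does not do.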

#1027833#16
Date:
2023-01-20 11:29:14 UTC
From:
To:
Hello Jakub,


I think the manpage is misleading. Note that the manpage was especially
prepared for Debian and was last touched many years ago. I only looked
at its correctness now that you reported it.

The current upstream documentation does warn about the functionality,
and does not advertise anything about confining the namespace.

I will try to fix it in time for Bookworm. Otherwise patches welcome.

The latest up-to-date documentation is available in the kernel sources
at: Documentation/virt/uml/user_mode_linux_howto_v2.rst

To quote from the documentation:

Host file access
==================

If you want to access files on the host machine from inside UML, you
can treat it as a separate machine and either nfs mount directories
from the host or copy files into the virtual machine with scp.
However, since UML is running on the host, it can access those
files just like any other process and make them available inside the
virtual machine without the need to use the network.
This is possible with the hostfs virtual filesystem.  With it, you
can mount a host directory into the UML filesystem and access the
files contained in it just as you would on the host.

*SECURITY WARNING*

Hostfs without any parameters to the UML Image will allow the image
to mount any part of the host filesystem and write to it. Always
confine hostfs to a specific "harmless" directory (for example ``/var/tmp``)
if running UML. This is especially important if UML is being run as root.

#1027833#19
Date:
2023-02-07 21:44:23 UTC
From:
To:
* Ritesh Raj Sarraf <rrs@debian.org>, 2023-01-20 16:59:

Er, but it does talk about confinement: