On Thu, Sep 05, 2013 at 02:40:39PM +0000, Matthew Garrett wrote:
> On Wed, 2013-09-04 at 20:49 -0400, Vivek Goyal wrote:
>
> > I did what Eric Biederman suggested. I first unshare the mount namespace
> > of /sbin/kexec from parent. Then I disable any event propagation between
> > mounts. Then I lazy unmount existing /proc and /sys and remount them. I
> > think this should make sure that we are looking at /proc and /sys as
> > exported by kernel?
>
> Namespaces have mostly been used with the assumption that namespaces
> contain child processes, rather than parent processes attacking
> children. Are we guaranteed that (barring ptrace) a parent process is
> unable to manipulate a child's namespaces?

This is a good question and I don't know enough about namespaces to be
able to answer it. I am CCing Eric Biederman and he should have an idea.

Eric,

So this is in context of kdump and secureboot. We were discussing to be
able to create a private mount namespace for /sbin/kexec and remount
/proc/ and /sys so that /sbin/kexec is sure that it is looking at
something as exported by kernel.

Is it possible for unsigned parent to now manipulate child /sbin/kexec
mount namespace now?

Thanks
Vivek
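
The steps described in the quoted text (unshare the mount namespace, disable propagation, lazy-unmount and remount /proc and /sys), written out as an added C example; it is not code from this thread or from kexec-tools. The function names and the extra statfs check on the filesystem magic are assumptions of this example, and it does not answer the question asked above about a parent manipulating the child's namespace.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/vfs.h>
#include <linux/magic.h>

/* 1 if path is on a filesystem with this magic, 0 if not, -errno on error. */
int fs_magic_is(const char *path, long magic)
{
    struct statfs sb;
    if (statfs(path, &sb) != 0)
        return -errno;
    return (long)sb.f_type == magic;
}

/* Detach whatever is mounted at dir, then mount a fresh instance of fstype. */
static int remount_fresh(const char *dir, const char *fstype, long magic)
{
    /* EINVAL here means dir was not a mount point, which is acceptable. */
    if (umount2(dir, MNT_DETACH) != 0 && errno != EINVAL)
        return -errno;
    if (mount(fstype, dir, fstype, MS_NOSUID | MS_NODEV | MS_NOEXEC, NULL) != 0)
        return -errno;
    /* Check that the top mount really is procfs/sysfs and not, say, tmpfs or FUSE. */
    return fs_magic_is(dir, magic) == 1 ? 0 : -EINVAL;
}

/* Needs CAP_SYS_ADMIN. Returns 0 on success or -errno of the failing step. */
int private_proc_sys(void)
{
    int r;
    if (unshare(CLONE_NEWNS) != 0)      /* 1. private mount namespace */
        return -errno;
    /* 2. no mount event propagation to or from the parent's namespace */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0)
        return -errno;
    /* 3. lazy unmount and remount /proc and /sys */
    if ((r = remount_fresh("/proc", "proc", PROC_SUPER_MAGIC)) != 0)
        return r;
    return remount_fresh("/sys", "sysfs", SYSFS_MAGIC);
}

int main(void)
{
    int r = private_proc_sys();
    if (r != 0)
        fprintf(stderr, "private /proc and /sys setup failed: %s\n", strerror(-r));
    return r != 0;
}
```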