On 1/23/2024 3:58 PM, EML wrote: > What's interesting here is that CGI appears to be doing something more > complex than simply forking a process. The script which is the problem > has an EUID of 0, so why can't it unmount a filesystem? Have I just > messed up (probably?) Or has Apache run me /without/ CAP_SYS_ADMIN? If Or is Apache in an isolated namespace, making its mount and unmount operations invisible to most other processes? You can investigate by comparing what /proc/$$/ns/mnt looks like inside and outside the problematic script. If this is the case, you might need to use nsenter(1) to access the namespace(s) in which you want your unmount to take effect. -- Alan Curry TSC Technology Department pacurry@xxxxxxxxxxxxx 765-269-8321 --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|