Re: [GIT PULL] User namespace related fixes for v4.2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Jul 01, 2015 at 03:41:37PM -0500, Eric W. Biederman wrote:
> This set of changes also starts enforcing the mount flags of fresh
> mounts of proc and sysfs are consistent with the existing mount of proc
> and sysfs.  I expected this to be the boring part of the work but
> unfortunately unprivileged userspace winds up mounting fresh copies of
> proc and sysfs with noexec and nosuid clear when root set those flags on
> the previous mount of proc and sysfs.  So for now only the atime,
> read-only and nodev attributes which userspace happens to keep
> consistent are enforced.  Dealing with the noexec and nosuid attributes
> remains for another time.

Sorry to be the bearer of bad news, but I am seeing a regression in lxc
with 4.2-rc1 due to this change. lxc is doing a fresh mount of sysfs
that never specifies either read-only or nodev regardless of how sysfs
has been mounted previously, and this is causing me to see mount
failures because of the nodev check.

If I comment out only the nodev check then the mount works on my system,
but based on the code in lxc I don't think there's any guarantee at all
of this mount having flags consistent with previous mounts.

Seth
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux