On Tue, Aug 12, 2014 at 9:17 PM, Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote: > If you can find a userspace application that matters I might care > that a security fix breaks it. > FWIW, it broke Sandstorm.io, but we already pushed a fix, and I'm not sure if you'd say that we "matter". > If there is an actual regression of actual code I am happy to deal > with it. But having the MNT_NODEV on those mounts has been the case > for a long time now and is not new (no regression). This change just > closed the security hole that allowed nodev to be removed. And that > security hole we need to have fixed. > The problem is that users like us had no idea that nodev was being silently added in the first place, and thus didn't know that we needed to specify it in remounts. We create the tmpfs, put some things in it, and then want to remount it read-only for the sandbox. It seems reasonable to expect that a newly-created tmpfs would have exactly the flags I gave it when I created it, not silently get an additional flag that I then need to pass on remount. Note further that it may be very hard for normal developers to figure out why their remount is failing in this case. Andy only discovered the silent nodev by reading the kernel code. -Kenton _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
