Lubomir Rintel <lkundrak@xxxxx> writes: > Hi, > > 4.0.6-300.fc22.x86_64: > [lkundrak@fedora22-1 ~]$ unshare -r --mount --net > [root@fedora22-1 ~]# mount --make-slave /sys > [root@fedora22-1 ~]# mount -t sysfs sysfs /sys > [root@fedora22-1 ~]# > > 4.2.0-0.rc6.git0.1.fc24.x86_64: > [lkundrak@fedora23-1 ~]$ unshare -r --mount --net > [root@fedora23-1 ~]# mount --make-slave /sys > [root@fedora23-1 ~]# mount -t sysfs sysfs /sys > mount: permission denied > [root@fedora23-1 ~]# > > we use this in NetworkManager test suite, to ensure the devices we see > via GUdev are the same as we see via rtnetlink. > > I'm wondering if this is a bug or an intended change? There was an intentional tightening up of the permissions required to mount sysfs to prevent people in jails from gaining access to things they would not ordinarily have access to. The change was not expected to affect anyones legitimate use case. What are the mount flags of the previous mount of sysfs? What is mounted on top of sysfs? Or in short can I see /proc/self/mounts for the failing scenario? Without a little more detail I can't see if there is a possible security violation in your code or if this is something I can fix. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
