Re: 4.2: Can't mount sysfs in a mount ns & user ns


 



Lubomir Rintel <lkundrak@xxxxx> writes:

> Hi,
>
> 4.0.6-300.fc22.x86_64:
> [lkundrak@fedora22-1 ~]$ unshare -r --mount --net
> [root@fedora22-1 ~]# mount --make-slave /sys
> [root@fedora22-1 ~]# mount -t sysfs sysfs /sys
> [root@fedora22-1 ~]# 
>
> 4.2.0-0.rc6.git0.1.fc24.x86_64:
> [lkundrak@fedora23-1 ~]$ unshare -r --mount --net
> [root@fedora23-1 ~]# mount --make-slave /sys
> [root@fedora23-1 ~]# mount -t sysfs sysfs /sys
> mount: permission denied
> [root@fedora23-1 ~]#
>
> We use this in the NetworkManager test suite, to ensure the devices we see
> via GUdev are the same as we see via rtnetlink.
>
> I'm wondering if this is a bug or an intended change?

There was an intentional tightening up of the permissions required to
mount sysfs to prevent people in jails from gaining access to things
they would not ordinarily have access to.  The change was not expected
to affect anyone's legitimate use case.

What are the mount flags of the previous mount of sysfs?
What is mounted on top of sysfs?

Or in short can I see /proc/self/mounts for the failing scenario?

Without a little more detail I can't see if there is a possible security
violation in your code or if this is something I can fix.

Eric