ebiederm@xxxxxxxxxxxx (Eric W. Biederman) writes:
> Andy Lutomirski <luto@xxxxxxxxxx> writes:
>>
>> Hi Eric-
>>
>> This is rather odd. The selftest
>> (tools/testing/selftests/capabilities/test_execve), run as root, fails
>> on current kernels. The failure is worked around by this:
>>
>> diff --git a/tools/testing/selftests/capabilities/test_execve.c
>> b/tools/testing/selftests/capabilities/test_execve.c
>> index 10a21a958aaf..6db60889b211 100644
>> --- a/tools/testing/selftests/capabilities/test_execve.c
>> +++ b/tools/testing/selftests/capabilities/test_execve.c
>> @@ -139,8 +139,8 @@ static void chdir_to_tmpfs(void)
>> if (chdir(cwd) != 0)
>> err(1, "chdir to private tmpfs");
>>
>> - if (umount2(".", MNT_DETACH) != 0)
>> - err(1, "detach private tmpfs");
>> +// if (umount2(".", MNT_DETACH) != 0)
>> +// err(1, "detach private tmpfs");
>> }
>>
>> static void copy_fromat_to(int fromfd, const char *fromname, const
>> char *toname)
>>
>> I think this is due to the line:
>>
>> p->mnt_ns = NULL;
>>
>> in umount_tree(). The test is putting us into a situation in which
>> our cwd has ->mnt_ns = NULL, which is making it act as if it's nosuid.
>> I can imagine this breaking some weird user code (like my test!). Is
>> it a real problem, though?
I just wanted to follow up and say this the mnt_may_suid test appears
to be doing exactly what it was designed to do.
It's goal is not to allow a suid exec from another mount namespace and
in this test the umount2(".", MNT_DETACH) creates a poor man's mount
namespace.
So assuming that we want to not allow execing executables from other
mount namespaces the behavior appears to be exactly correct in this
case.
Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kselftest" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
