Re: avoid unmounts in unprivileged containers

On Sa, 27.02.21 11:28, Rodny Molina (rodnymolina@xxxxxxxxx) wrote:

> Thanks for your detailed answer / explanation Lennart, it's fully
> consistent with my code-browsing findings.
>
> I've been struggling myself with the problem that you alluded to above, to
> identify "foreign" mountpoints. After banging my head against the wall for
> a while I ended up implementing a heuristic based on the
> major:minor-number field of the /proc/pid/mountinfo file: if the container
> mountpoint being considered has a major:minor-id that matches those
> major:minor-ids present in the host mount namespace, then this one is
> likely a "foreign" mountpoint, and shouldn't be unmounted.

Not sure I follow. We'd need this from inside the container, so that
we don't even try to unmount the file system. But from "inside" we
have no outside to the host mount namespace...

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel


