Re: [PATCH-RFC] code for raceless /sys/fs/foofs/*

From: Trond Myklebust
Date: Wed May 05 2004 - 12:10:54 EST


On Wed, 2004-05-05 at 12:36, viro@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
wrote:

> We also allow anyone with sysfs mounted to see which filesystems are currently
> mounted on the box - again, regardless of being able to see them in the
> chroot jail/restricted namespace/etc. It can easily become an issue in
> setups where such information is sensitive.

...but are you *really* likely to be mounting sysfs in a chrooted jail
or restricted namespace?

...and if you do, aren't you more likely to simply 'mount --bind' those
minimal parts of sysfs that you actually need for the given process that
is gaoled?

Cheers,
Trond