Re: [REVIEW][PATCH] vfs: Lock in place mounts from more privileged users

[Eric W. Biederman]

"Serge E. Hallyn" <serge@xxxxxxxxxx> writes:

> Quoting Serge E. Hallyn (serge@xxxxxxxxxx):
>> Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx):
>> > 
>> > Serge does this patch break lxc?  I think all should be well but I want
>> > to make certain there is not some hidden case where this fundamentaly
>> > breaks some functionality.
>> 
>> I haven't yet tried.  I'll build and test a kernel today.  I'm pretty
>> sure all the child's mounts are done after clone, so I *think* the worst
>> case will be that the unmounting of put_old after pivot_root() will
>> be noisy.  Will let you know.
>> 
>> -serge
>
> Just tested it - works fine.  Warns about all of the failed umounts.

Just to confirm.  Can you do a lazy umount of put_old and get rid of
them?

> Acked-by: Serge Hallyn <serge.hallyn@xxxxxxxxxxxxx>
>
> ( Mind you I'm not approving of the idea of hiding mounts as a security
> mechanisms, but I know that neither are you :)

As a security mechanism, not really.  This is more about closing a
theoretical hole in case someone was sloppy, and doing it before user
namespaces are too widely deployed so we avoid massive user space
breakage.  It let's me sleep more soundly at night if I know you can't
more access more with user namespaces that you can without user
namespaces.

Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/