Re: [RFC][PATCH 00/10] Mount, FS, Block and Keyrings notifications [ver #3]

From: David Howells
Date: Thu Jun 06 2019 - 18:55:05 EST


Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:

> They can call fsinfo() anyway, or just read /proc/self/mounts. As far as I'm
> concerned, if you have CAP_SYS_ADMIN over a mount namespace and LSM policy
> lets you mount things, then of course you can get information to basically
> anyone who can use that mount namespace.

And automounts? You don't need CAP_SYS_ADMIN to trigger one of those, but
they still generate events. On the other hand, you need CSA to mount
something that has automounts in the first place, and if you're particularly
concerned about security, you probably don't want the processes you might be
suspicious of having access to things that contain automounts (typically
network filesystems).

David