non-root should not be able to create files in /sys/fs/cgroup
Bug #838380 reported by
Serge Hallyn
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libcgroup (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
The cgconfig.conf and cgroup-lite.conf upstart jobs mount tmpfs under /sys/fs/cgroup, but does so with the default settings which allow non-root users to create files and directories.
Changed in libcgroup (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Serge Hallyn (serge-hallyn) |
To post a comment you must log in.
This bug was fixed in the package libcgroup - 0.37.1-1ubuntu6
---------------
libcgroup (0.37.1-1ubuntu6) oneiric; urgency=low
* debian/ cgroup- bin.cgconfig. upstart and debian/ cgroup- lite.cgroups- mount: cgroup- lite.cgroups- umount: only umount valid cgroups.
mount /sys/fs/cgroup with mode=0755 so unprivileged users can't create
files. (LP: #838380)
* debian/
-- Serge Hallyn <email address hidden> Wed, 31 Aug 2011 21:18:44 +0000