Comment 3 for bug 1402834

Stéphane Graber (stgraber) wrote :

So the problem is that a force unmount of a bind-mount of a fuse filesystem somehow gets the kernel to send the "destroy" command back to the user space process running the filesystem. This behavior is clearly wrong.

As an example, let's say that I'm running "lxcfs" as a fuse filesystem on my system. The mount is visible to everyone on the system, and then as a nobody user I can unshare my user namespace, unshare my mount namespace, bind-mount that filesystem to, say, /mnt and then force unmount it, and it will destroy the fuse filesystem entirely, getting the process that backs it to exit and preventing anyone on the system from accessing it.

A simple reproducer is: echo "mount --bind /var/lib/lxcfs /mnt && umount -f /mnt" | lxc-usernsexec -- /bin/bash