Comment 6 for bug 1789161
Revision history for this message
| Eric W. Biederman (ebiederm) wrote Re: [Bug 1789161] Re: Bypass of mount visibility through userns + mount propagation | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Christian Brauner <email address hidden> writes:
> Or just fail if there are any unbindable children. But let's see what
My thought is to do the work when mount unbindable is being set:
(a) If the setter has enough permissions to umount the mount in
question the clear MNT_LOCKED and set MNT_UNBINDABLE
(b) If the setter does not have enough permissions to clear MNT_LOCKED
than fail to set MNT_UNBINDABLE.
(-) I think only the second case applies as except for mount
propagation I don't think there is a way to clear MNT_LOCKED.
This needs to happen in public with plenty of exposure as this is a very
minor issue and there is the potential to break userspace. Who knows
what bits of userspace we might break.
I actually don't expect any but we need to be careful and probably take
the full development cycle to get this in. Just so that we are certain
there is plenty of time for people to test and let us know if someone's
configuration breaks.
Eric