Comment 7 for bug 1789161

Christian Brauner (cbrauner) wrote : Re: [Bug 1789161] Re: Bypass of mount visibility through userns + mount propagation

On Mon, Aug 27, 2018, 13:00 Eric W. Biederman <email address hidden> wrote:

> Christian Brauner <email address hidden> writes:
>
> > Or just fail if there are any unbindable children. But let's see what
>
> My thought is to do the work when mount unbindable is being set:
> (a) If the setter has enough permissions to umount the mount in
> question then clear MNT_LOCKED and set MNT_UNBINDABLE
>
> (b) If the setter does not have enough permissions to clear MNT_LOCKED
> then fail to set MNT_UNBINDABLE.
>
> (-) I think only the second case applies as except for mount
> propagation I don't think there is a way to clear MNT_LOCKED.
>
> This needs to happen in public with plenty of exposure as this is a very
> minor issue and there is the potential to break userspace. Who knows
> what bits of userspace we might break.
>
> I actually don't expect any but we need to be careful and probably take
> the full development cycle to get this in. Just so that we are certain
>

Are you taking this or should I?

Christian

> there is plenty of time for people to test and let us know if someone's
> configuration breaks.
>
> Eric
>