Comment 34 for bug 1476662

Roman Fiedler (roman-fiedler-deactivatedaccount) wrote : AW: [Bug 1476662] Re: lxc-start symlink vulnerabilities may allow guest to read host filesystem, interfere with apparmor

I think that the implementation of fusermount (file system in user space) had a
similar problem; some code in this domain uses a scheme where the process opens the
dir, chdirs into the other one and uses the /proc/self/fd elements in the mount
command.

This is even resistant to moving/deleting and recreating the directory in
between, but I'm not sure if it could be applied here also.