Yup, that race is there in theory. This appears to be yet another reason to push for a 'fdmount/mountat' function. But lacking that I'm not sure how we can prevent this.
Do you have any suggestions?
If we have the separate fix in apparmor for writing to /proc/self/attr/current, and the pivot_root update backported, what other attacks remain meaningful here?
Yup, that race is there in theory. This appears to be yet another reason to push for a 'fdmount/mountat' function. But lacking that I'm not sure how we can prevent this.
Do you have any suggestions?
If we have the separate fix in apparmor for writing to /proc/self/ attr/current, and the pivot_root update backported, what other attacks remain meaningful here?