|
|
Subscribe / Log in / New account

Re: [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2)

[Posted June 10, 2015 by jake]

From:  Serge Hallyn <serge.hallyn-AT-ubuntu.com>
To:  Andy Lutomirski <luto-AT-amacapital.net>
Subject:  Re: [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2)
Date:  Thu, 28 May 2015 14:08:39 +0000
Message-ID:  <20150528140839.GD28842@ubuntumail>
Cc:  "Eric W. Biederman" <ebiederm-AT-xmission.com>, Seth Forshee <seth.forshee-AT-canonical.com>, Linux API <linux-api-AT-vger.kernel.org>, Linux Containers <containers-AT-lists.linux-foundation.org>, Greg Kroah-Hartman <gregkh-AT-linuxfoundation.org>, Kenton Varda <kenton-AT-sandstorm.io>, Michael Kerrisk-manpages <mtk.manpages-AT-gmail.com>, Richard Weinberger <richard-AT-nod.at>, Linux FS Devel <linux-fsdevel-AT-vger.kernel.org>, Tejun Heo <tj-AT-kernel.org>
Archive‑link:  Article

Quoting Andy Lutomirski (luto@amacapital.net):
> On Fri, May 22, 2015 at 10:39 AM, Eric W. Biederman
> <ebiederm@xmission.com> wrote:
> > I had hoped to get some Tested-By's on that patch series.
> 
> Sorry, I've been totally swamped.
> 
> I suspect that Sandstorm is okay, but I haven't had a chance to test
> it for real.  Sandstorm makes only limited use of proc and sysfs in
> containers, but I'll see if I can test it for real this weekend.

Testing this with unprivileged containers, I get

lxc-start: conf.c: lxc_mount_auto_mounts: 808 Operation not permitted - error mounting sysfs on
/usr/lib/x86_64-linux-gnu/lxc/sys/devices/virtual/net flags 0

> > Oh well.  The fundamentals seem sound, and my biggest concern the
> > implicit nodev does not apply so I will put this patchset in linux-next
> > and aim at merging it in the next merge window.  Hopefully that will
> > leave enough time catch problems.
> >
> > Eric
> >
> 
> 
> 
> -- 
> Andy Lutomirski
> AMA Capital Management, LLC
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/contai...
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

to post comments


Copyright © 2015, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds