Date:	Sun, 05 Feb 2012 14:33:44 +0400
From:	Michael Tokarev <mjt@....msk.ru>
To:	Harald Dunkel <harri@...ics.de>
CC:	Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: /proc/self/mounts in chroot vs lxc

On 05.02.2012 12:43, Harald Dunkel wrote:
> Hi folks,
> 
> AFAIK /proc/mounts (-> self/mounts) is supposed to replace
> /etc/mtab. Problem is: In a chroot it contains too much
> (invalid) information about the parent's mount points. It is
> very hard to figure out which lines are correct.
> 
> For lxc there seems to be no such problem, so I wonder if it
> would be possible to extend this scheme to chroot?
> 
> I am not sure if this is a kernel or libc issue. Any helpful
> comment would be highly appreciated.

/proc is _always_ kernel thing.

For lxc, it creates a separate namespace where all "extra" mounts
are unmounted.  So /proc/mounts does not contain unnecessary
entries.

But plain chroot does not create new namespace, the process inherits
parent namespace, so there is no way to clean it up cleanly.

This is how it always worked, I'd say it is too late to change
this, and changing it isn't really trivial due to various
implications bind mounts are giving us.

I think, anyway.

/mjt.
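The situation Michael describes (a plain chroot stays in the parent's mount namespace, so its /proc/self/mounts keeps carrying entries the chrooted process cannot reach) can be examined from the parent side with /proc/self/mountinfo, which unlike /proc/self/mounts also records each mount's ID, parent ID and the "root" path of the filesystem that is mounted there. The script below is an added example, not code from this thread, from the kernel or from lxc: it parses a constructed mountinfo listing in the format documented in proc(5), keeps only the entries whose mount point lies under a given chroot directory, rewrites them relative to that root, and separately returns the inherited entries a chroot cannot reach. The sample listing is constructed; the prefix test is an approximation of the kernel's reachability walk and does not notice a mount hidden by a later mount on the same point.

```python
"""Work out which mountinfo entries a chroot can reach and which are inherited noise.

Added example (not from the thread).  Input format: /proc/self/mountinfo as
documented in proc(5).  The SAMPLE_MOUNTINFO listing below is constructed.
"""
import os
import re
import sys
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample.  Entry 32 is a bind mount of a subtree of the root
# filesystem: its "root" field is /lib/modules, not "/".  Entry 33 has a
# space in its mount point, which the kernel writes as the octal escape \040.
SAMPLE_MOUNTINFO = r"""
22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
17 22 0:4 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
23 22 0:16 / /dev rw,nosuid,relatime - devtmpfs udev rw,size=4096k
24 22 8:2 / /home rw,relatime shared:1 - ext4 /dev/sda2 rw
30 22 8:3 / /srv/chroot rw,relatime - ext4 /dev/sda3 rw
31 30 0:4 / /srv/chroot/proc rw,nosuid,nodev,noexec,relatime - proc proc rw
32 30 8:1 /lib/modules /srv/chroot/lib/modules ro,relatime - ext4 /dev/sda1 rw,errors=remount-ro
33 22 0:31 / /mnt/my\040disk rw,relatime - vfat /dev/sdb1 rw
"""

_OCTAL = re.compile(r"\\([0-7]{3})")


def unescape(s: str) -> str:
    """Decode the \\NNN octal escapes the kernel uses for space, tab, newline and backslash."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), s)


@dataclass
class Mount:
    mount_id: int
    parent_id: int
    dev: str           # major:minor of the backing device
    root: str          # path inside the filesystem that is mounted at mount_point
    mount_point: str
    mnt_opts: str      # per-mount options (ro, nosuid, ...)
    optional: List[str]  # shared:N, master:N, propagate_from:N, unbindable
    fstype: str
    source: str
    sb_opts: str       # per-superblock options

    @property
    def is_subtree_bind(self) -> bool:
        # Only part of the filesystem is visible here: a bind mount of a
        # subdirectory (or a mount propagated from one).
        return self.root != "/"


def parse_mountinfo(text: str) -> List[Mount]:
    """Parse mountinfo lines, keeping the kernel's listing order."""
    mounts = []
    for line in text.splitlines():
        f = line.split()
        if not f:
            continue
        # Optional fields are tag[:value] and never a bare "-", so the first
        # bare "-" at index >= 6 is the separator before fstype.
        sep = f.index("-", 6)
        mounts.append(Mount(
            mount_id=int(f[0]), parent_id=int(f[1]), dev=f[2],
            root=unescape(f[3]), mount_point=unescape(f[4]), mnt_opts=f[5],
            optional=f[6:sep], fstype=f[sep + 1], source=unescape(f[sep + 2]),
            sb_opts=f[sep + 3],
        ))
    return mounts


def _norm_root(new_root: str) -> str:
    # strip("/") first so normpath never sees a leading "//", which POSIX
    # (and os.path.normpath) treats as distinct from "/".
    return os.path.normpath("/" + new_root.strip("/"))


def visible_in_chroot(mounts: List[Mount], new_root: str) -> List[Tuple[str, Mount]]:
    """Mounts a process chrooted to new_root can reach, paired with the mount
    point rewritten relative to that root.  Prefix approximation: a mount
    shadowed by a later mount on the same point is still reported."""
    new_root = _norm_root(new_root)
    out = []
    for m in mounts:
        if new_root == "/":
            rel = m.mount_point
        elif m.mount_point == new_root:
            rel = "/"
        elif m.mount_point.startswith(new_root + "/"):
            rel = m.mount_point[len(new_root):]
        else:
            continue
        out.append((rel, m))
    return out


def inherited_from_parent(mounts: List[Mount], new_root: str) -> List[Mount]:
    """Entries that sit in the same mount namespace but outside new_root: the
    lines a plain chroot carries from its parent without being able to use them."""
    reachable = {m.mount_id for _, m in visible_in_chroot(mounts, new_root)}
    return [m for m in mounts if m.mount_id not in reachable]


if __name__ == "__main__":
    # Usage: python3 mountinfo_chroot.py [/proc/self/mountinfo] [chroot-dir]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    root = sys.argv[2] if len(sys.argv) > 2 else "/srv/chroot"
    text = open(path).read() if path else SAMPLE_MOUNTINFO
    ms = parse_mountinfo(text)
    print(f"reachable from chroot {root}:")
    for rel, m in visible_in_chroot(ms, root):
        tag = " (bind of subtree %s)" % m.root if m.is_subtree_bind else ""
        print(f"  {m.source} {rel} {m.fstype} {m.mnt_opts}{tag}")
    print("inherited from the parent namespace, unreachable:")
    for m in inherited_from_parent(ms, root):
        print(f"  {m.source} {m.mount_point} {m.fstype}")
```

Run it against the live table with `python3 mountinfo_chroot.py /proc/self/mountinfo /path/to/chroot` (the filename is hypothetical). The namespace route Michael contrasts with chroot is what `unshare -m` (the CLONE_NEWNS flag to unshare(2)/clone(2)) gives you: inside the new mount namespace, unmounting the inherited entries removes them from that process's /proc/self/mounts without touching the parent, which a chroot alone cannot do because it shares the parent's mount list.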