Open Source and information security mailing list archives
 
Date:	Wed, 23 Apr 2014 17:54:31 -0700
From:	Andy Lutomirski <luto@...capital.net>
To:	Richard Weinberger <richard.weinberger@...il.com>
Cc:	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Linux FS Devel <linux-fsdevel@...r.kernel.org>
Subject: Re: How do I make a clean mount namespace?

On Wed, Apr 23, 2014 at 1:01 PM, Richard Weinberger
<richard.weinberger@...il.com> wrote:
> On Wed, Apr 23, 2014 at 12:12 AM, Andy Lutomirski <luto@...capital.net> wrote:
>> I want to set up a little container.  So I unshare the mount namespace
>> and mount something somewhere (say /mnt) that I want to be my new
>> root.  Now what?
>>
>> pivot_root("/mnt", "/mnt/garbage") seems to frequently return -EBUSY.
>>
>> mounting /mnt onto / using MS_MOVE seems to succeed, but / still
>> points at the old root.
>>
>> Am I missing a clean way to do this?  I want a way to say "make this
>> mountpoint be the root of the whole mount namespace and lazy-unmount
>> everything outside it".  If there is no straightforward way to do
>> that, can we add one?
>
> I fear you have to read /proc/mounts and umount() everything in the
> correct order.
> If you find a better way, please tell. :-)
>

How about adding a new syscall:

int change_root_mount(const char *path, unsigned long flags);

This requires CAP_SYS_ADMIN and it requires that the caller is not
chrooted.  path must be a mountpoint and flags must be zero.

It lazy-unmounts everything outside path, and it moves path to /.
When it's done, the current process's root is '/'.  If you want to
retain temporary access to outside things, you can keep an fd open.
If the old root is shared, it is made private.  It's okay for path to
be shared (I think).

If other things are already running in the current mount namespace,
then their root directory stays the same, so they keep working, but
they may be a little confused.

I think this could replace pivot_root for most use cases, and it could
simplify programs like switch_root.

Thoughts?

--Andy
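
An added example, not code from this thread: one way to work out the "correct order" for the unmount-everything approach mentioned above, returning the mounts that lie outside the intended new root with children ahead of their parents. It reads the /proc/self/mountinfo layout rather than /proc/mounts because mountinfo carries parent IDs; `umount_order`, `struct mnt` and the sample table are names and data constructed for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_MOUNTS 128
struct mnt { int id, parent, depth; char path[256]; };

/* Constructed sample in /proc/self/mountinfo layout; not from a real host. */
static const char SAMPLE[] =
    "20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw\n"
    "22 20 0:6 / /dev rw,nosuid - devtmpfs devtmpfs rw\n"
    "23 22 0:7 / /dev/pts rw,nosuid - devpts devpts rw\n"
    "24 20 0:30 / /mnt rw - tmpfs newroot rw\n"
    "25 24 0:31 / /mnt/proc rw - proc proc rw\n"
    "26 20 0:32 / /mnt2 rw - tmpfs other rw\n";
/* True if p is root itself or below it; "/mnt2" is not inside "/mnt". */
static int inside(const char *p, const char *root) {
    size_t n = strlen(root);
    return strncmp(p, root, n) == 0 && (p[n] == '\0' || p[n] == '/');
}
/* Count ancestors by following parent IDs; the hop limit guards against loops. */
static int depth_of(const struct mnt *all, int n, int parent) {
    int d = 0;
    for (; d < n; d++) {
        int j = 0;
        while (j < n && all[j].id != parent) j++;
        if (j == n) break;               /* parent is not in this table */
        parent = all[j].parent;
    }
    return d;
}
static int deepest_first(const void *a, const void *b) {
    const struct mnt *x = a, *y = b;
    return x->depth != y->depth ? y->depth - x->depth : y->id - x->id;
}
/* Fill out[] (room for MAX_MOUNTS) with mounts outside new_root, children before
 * parents. Returns the count. Octal escapes (\040) in paths are not decoded. */
int umount_order(const char *info, const char *new_root, struct mnt *out) {
    struct mnt all[MAX_MOUNTS];
    int n = 0, k = 0;
    for (const char *l = info; *l && n < MAX_MOUNTS; l++) {
        if (sscanf(l, "%d %d %*s %*s %255s", &all[n].id, &all[n].parent, all[n].path) == 3)
            n++;
        if (!(l = strchr(l, '\n'))) break;
    }
    for (int i = 0; i < n; i++) {
        all[i].depth = depth_of(all, n, all[i].parent);
        if (!inside(all[i].path, new_root)) out[k++] = all[i];
    }
    qsort(out, k, sizeof *out, deepest_first);
    return k;
}
```

The old root mount always comes out last, since every other mount in the table descends from it.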