Date:   Thu, 29 Mar 2018 15:50:51 -0500
From:   Ronak Desai <ronak.desai@...kwellcollins.com>
To:     linux-kernel@...r.kernel.org
Subject: Question regarding container affecting the host system mounts

I came across a problem where, if containers are running, it
affects the unmount process of the system's mount points. I am not
using these mount points as shared mounts with the container.

For example, I am using an SD card and NAND as external storage devices
and mounting them to a mount point in the ramfs. Then I launch
containers, and when I try to unmount the NAND partition my
"unmount" call succeeds, but I don't see the UBIFS hooks being called,
and because of that my UBI detach process fails. When I stopped the
container, I saw that the kernel calls the unmount, as I see my
debug prints inside UBIFS for unmounting that partition.

If I mount my NAND partition once the container is up and then try
to unmount it, it does unmount and detach without issue. It seems
like there is an issue with namespaces.

I am using the 4.1.8 kernel. I traced the kernel code and I see that
copy_mnt_ns is calling copy_tree, which is basically increasing the
active counts of the super blocks of my host mount points (NAND, SD cards).
I am using containers, but I do not wish to share any of my host storage
media with the container, so in my container configuration I am only
mounting the tmpfs, as the rootfs of the container is in tmpfs of the
host. But I still can't completely umount my host storage media if
containers are running.

I have attached the log of the container start process with debugging
and where you can see it is increasing the super block active counts
for "ubifs".

-- 
Ronak A Desai
Sr. Software Engineer
Airborne Information Solutions / RC Linux Platform Software
MS 131-100, C Ave NE, Cedar Rapids, IA, 52498, USA

Ronak.Desai@...kwellcollins.com

https://www.rockwellcollins.com/

View attachment "container_start_with_debugging.txt" of type "text/plain" (19919 bytes)
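
An added diagnostic example, not part of the original message: it parses `/proc/<pid>/mountinfo` (field layout as documented in proc(5)) to list which mount namespaces still have a given superblock in their mount table after the host has unmounted it. The sample tables, PIDs, namespace IDs, the `ubi0:data` source and the device number `0:25` are constructed for illustration.

```python
import glob
import os

def parse_mountinfo(text):
    """Yield (major:minor, mount_point, fstype, source) for each mountinfo line."""
    for line in text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)  # optional fields end at the "-" separator
            yield fields[2], fields[4], fields[sep + 1], fields[sep + 2]
        except (ValueError, IndexError):
            continue  # malformed or truncated line

def find_holders(tables, dev):
    """tables maps pid -> (mount namespace id, mountinfo text).
    Returns, per namespace that still lists superblock `dev`, its pids and mount points."""
    holders = {}
    for pid, (ns, text) in tables.items():
        points = sorted({mp for d, mp, _, _ in parse_mountinfo(text) if d == dev})
        if points:
            entry = holders.setdefault(ns, {"pids": [], "mount_points": points})
            entry["pids"].append(pid)
    return holders

def read_live_tables():
    """Collect the mount table of every readable process (run as root on the host)."""
    tables = {}
    for path in glob.glob("/proc/[0-9]*/mountinfo"):
        pid = int(path.split("/")[2])
        try:
            ns = os.readlink(f"/proc/{pid}/ns/mnt")
            with open(path) as f:
                tables[pid] = (ns, f.read())
        except OSError:
            continue  # process exited or access denied
    return tables

# Constructed sample: the host (pid 1) has already unmounted the UBIFS volume,
# while two container processes share a namespace that still holds its copy.
HOST = "15 0 0:2 / / rw - rootfs rootfs rw\n20 15 0:17 / /tmp rw - tmpfs tmpfs rw\n"
CONTAINER = HOST + "61 15 0:25 / /mnt/nand rw,relatime - ubifs ubi0:data rw\n"
SAMPLE = {
    1: ("mnt:[4026531840]", HOST),
    500: ("mnt:[4026532201]", CONTAINER),
    501: ("mnt:[4026532201]", CONTAINER),
}

if __name__ == "__main__":
    print(find_holders(SAMPLE, "0:25"))
```

On a live system, pass `read_live_tables()` instead of `SAMPLE`, with the `major:minor` value taken from the host's own mountinfo line before unmounting.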
