lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 19 Aug 2011 09:52:07 +0200 From: Milan Broz <mbroz@...hat.com> To: Linux Kernel Mailing List <linux-kernel@...r.kernel.org> CC: device-mapper development <dm-devel@...hat.com>, Kay Sievers <kay.sievers@...y.org>, "David S. Miller" <davem@...emloft.net>, containers@...ts.osdl.org Subject: Re: clone() with CLONE_NEWNET breaks kobject_uevent_env() (added cc to containers list) On 08/18/2011 11:45 AM, Milan Broz wrote: > Hi, > > after analysing very strange report (with running chromium > some device-mapper ioctl functions started to fail) I found > interesting problem: > > If you run clone() with CLONE_NEWNET (which is chromium using > for sanboxing), udev namespace is cloned too (newly registered > in uevent_sock_list) and netlink send (except the first in list) > fails with -ESRCH. > > This causes that _every_ call of kobject_uevent_env() return failure. > > Most of users silently ignores kobject_uevent() return value, > so the problem was invisible for long time. > > Unfortunately dm checks return value and reports failure, > taking the wrong error path. > > How is this supposed to work? > > Why cloning net namespace breaks the udev netlink subsystem? > > Is it bug or we need to do something differently? > (I do not think ignoring return value is the proper way...) I forgot to explicitly mention that running clone with CLONE_NEWNET causes kobject_uevent_env() to fail _outside_ of cloned namespace (for all kernel users in fact). (The former problem is described here http://article.gmane.org/gmane.linux.kernel.device-mapper.dm-crypt/5256 but it is IMHO generic problem. Instrumenting kobject_uevent() shows that it returns send failure really to all events.) Can anyone please explain this behavior? Milan -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists