Date:	Wed, 08 Aug 2012 18:32:18 +0200
From:	Miklos Szeredi <miklos@...redi.hu>
To:	Bryan Wu <bryan.wu@...onical.com>
Cc:	linux-fsdevel@...r.kernel.org, lkml <linux-kernel@...r.kernel.org>,
	kernel-team@...ts.ubuntu.com
Subject: Re: [overlayfs/bug] LXC ephemeral containers have "/rootfs" prefix in /proc/self/maps entries

Bryan Wu <bryan.wu@...onical.com> writes:

> Miklos,
>
> We met a LXC issue [1] with overlayfs in Ubuntu, but with aufs it is gone.
>
> I suspect it's related to the issue you mentioned in Documentation of overlayfs:
> --
> Symlinks in /proc/PID/ and /proc/PID/fd which point to a non-directory
> object in overlayfs will not contain valid absolute paths, only
> relative paths leading up to the filesystem's root.  This will be
> fixed in the future.
> --
>
> Could you please help to take a look at this? or point me out some hints.
>
> [1], https://bugs.launchpad.net/ubuntu/+source/linux/+bug/959352

To explain this, a little background is needed about how overlayfs works.

Unlike a "true" union filesystem like AUFS, the overlayfs filesystem
doesn't actually contain any non-directory files.  So when you open a
regular file, for example, what you get is actually the real file on the
upper or lower filesystems, not a file in the overlayfs.  This is the
most important difference between overlayfs and aufs.

Currently overlayfs creates private clones of the lower and upper mounts
and uses those internally when opening a file.  This results in
/proc/PID/fd showing not the expected path.

Instead of using private mount clones, overlayfs could add these mounts
to the same mountpoint as the overlayfs itself (under the overlayfs)
which would result in the correct path being printed.  But to make this
consistent new logic would need to be added to namespace.c so that these
auxiliary mounts are properly cleaned up on umount, and they are
properly copied/moved during mount binding/moving or namespace cloning.

Thanks,
Miklos
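
The symptom from the subject line, as an added example that is not part of the original message or of overlayfs: a Python check that parses /proc/PID/maps text and reports file-backed mappings whose path resolves only once a leading component such as "/rootfs" is dropped. The sample maps text, the container file set and the function names are constructed for illustration.

```python
import os
import re

# /proc/PID/maps line: start-end perms offset dev inode [pathname]
MAPS_RE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) (\S+) (\d+)(?: +(.*))?$")

# Constructed sample, shaped like the maps of a process in an overlayfs-backed
# container where file paths carry a "/rootfs" prefix.
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 00:11 1234 /rootfs/bin/cat
0060a000-0060b000 r--p 0000a000 00:11 1234 /rootfs/bin/cat
01a2b000-01a4c000 rw-p 00000000 00:00 0 [heap]
7f3a10000000-7f3a101b5000 r-xp 00000000 00:11 5678 /rootfs/lib/x86_64-linux-gnu/libc-2.15.so
7f3a10400000-7f3a10422000 r--p 00000000 08:01 9012 /usr/lib/locale/locale-archive
7f3a10600000-7f3a10602000 rw-p 00000000 00:00 0
7fff5a000000-7fff5a021000 rw-p 00000000 00:00 0 [stack]
"""

# Constructed view of which paths exist inside the container.
CONTAINER_FILES = {"/bin/cat", "/lib/x86_64-linux-gnu/libc-2.15.so",
                   "/usr/lib/locale/locale-archive"}

def file_mappings(maps_text):
    """Yield (start, perms, path) for file-backed mappings only."""
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        path = m.group(7) or ""
        if not path.startswith("/"):   # anonymous, [heap], [stack], [vdso]
            continue
        if path.endswith(" (deleted)"):
            path = path[:-len(" (deleted)")]
        yield int(m.group(1), 16), m.group(3), path

def stray_prefixes(maps_text, exists=os.path.exists):
    """Map each leading component whose removal makes a path resolve
    to the set of reported paths that carry it."""
    found = {}
    for _start, _perms, path in file_mappings(maps_text):
        if exists(path):
            continue                   # path is valid as reported
        head, sep, rest = path[1:].partition("/")
        if sep and exists("/" + rest):
            found.setdefault("/" + head, set()).add(path)
    return found

if __name__ == "__main__":
    print(stray_prefixes(SAMPLE_MAPS, CONTAINER_FILES.__contains__))
```

Run inside the affected container with `open("/proc/self/maps").read()` and the default `exists` to check a live process.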