lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <87lidqfx3u.fsf@xmission.com>
Date:	Sat, 24 Nov 2012 14:35:17 -0800
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Miklos Szeredi <miklos@...redi.hu>
Cc:	Ian Kent <raven@...maw.net>, autofs@...r.kernel.org,
	linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
	sukadev@...ux.vnet.ibm.com, serge.hallyn@...onical.com
Subject: Re: [PATCH 1/2] autofs4: allow autofs to work outside the initial PID namespace

Miklos Szeredi <miklos@...redi.hu> writes:

> On Sat, Nov 24, 2012 at 1:07 PM, Eric W. Biederman
> <ebiederm@...ssion.com> wrote:
>> Ian Kent <raven@...maw.net> writes:
>>
>>> On Sat, 2012-11-24 at 10:23 +0800, Ian Kent wrote:
>>>> On Fri, 2012-11-23 at 15:30 +0100, Miklos Szeredi wrote:
>
>>>> AFAICS autofs mounts mounted with MS_PRIVATE in the initial namespace do
>>>> propagate to the clone when it's created so I'm assuming subsequent
>>>> mounts would also. If these mounts are busy in some way they can't be
>>>> umounted in the clone unless "/" is marked private before attempting the
>>>> umount.

Subsequent mounts after the clone do not have a mechanism to propogate
with MS_PRIVATE.  As creating a new mount namespaces is essentially
an instance of mount --bind.  Those semantics are a little unintuitive
I have to admit.

>>> This may sound stupid but if there something like, say, MS_NOPROPAGATE
>>> then the problem I see would pretty much just go away. No more need to
>>> umount existing mounts and container instances would be isolated. But, I
>>> guess, I'm not considering the possibility of cloned of processes as
>>> well .... if that makes sense, ;)
>>
>> Something is very weird is going on.  MS_PRIVATE should be the
>> MS_NOPROPOGATE you are looking for.  There is also MS_UNBINDABLE.
>> which is a stronger form of MS_PRIVATE and probably worth play with.
>>
>
> MS_UNBINDABLE says:  skip this mount when copying a mount tree, such
> as when the mount namespace is cloned.
>
> If you set MS_UNBINDABLE on autofs mounts then they will simply not
> appear in a cloned namespace.  Which sounds like a good idea,  no?

Good point.  If the desire is for a mount to be managed by autofs
setting MS_UNBINDABLE seems required.

Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ