lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <87ppgfzwsj.fsf@x220.int.ebiederm.org>
Date:	Mon, 04 Aug 2014 15:59:08 -0700
From:	ebiederm@...ssion.com (Eric W. Biederman)
To:	Richard Weinberger <richard@....at>
Cc:	Ram Pai <linuxram@...ibm.com>,
	linux-fsdevel <linux-fsdevel@...r.kernel.org>,
	Al Viro <viro@...iv.linux.org.uk>,
	Christoph Hellwig <hch@...radead.org>,
	Paul McKenney <paulmck@...ux.vnet.ibm.com>,
	Jeff Mahoney <jeffm@...e.com>, sahne@...0.at,
	"linux-kernel\@vger.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: MNT_DETACH and mount namespace issue

Richard Weinberger <richard@....at> writes:

> Am 04.08.2014 18:46, schrieb Eric W. Biederman:
>> Richard Weinberger <richard.weinberger@...il.com> writes:
>> 
>>> On Sat, Aug 2, 2014 at 12:09 AM, Eric W. Biederman
>>> <ebiederm@...ssion.com> wrote:
[snip]
>> 
>> Hmm.  That problem does sound familiar.
>> 
>> Is the problem oversharing?  Is the problem that the mount of /proc in
>> the chroot directory is propogating into other mount namespaces that
>> don't care?
>
> /proc is propagating into another mount namespaces that does not care.
> This happens because systemd creates for several services a mount namespace and sets
> the root tree to MS_SHARED.

Unless you are in the primary mount namespace when having this issue
it would be good to run mount make-rprivate / before mounting your new
/proc.

>> If the problem is over propogating I would argue that KIWI needs to
>> use a mount namespace instead of a chroot and to tweak the mount
>> namespace so the mount of /proc simply does not leak out.
>> 
>> Not that the kernel doesn't need to be fixed but that a design where
>> mounts propogate everywhere is a problem in userspace anyway, and it is
>> likely going to only need to be a handful of lines of code to fix
>> userspace cleanly.  While the kernel fix or fixes are going to require a
>> bit more time.
>
> KIWI can bypass the issue by not using a lazy unmount of /proc.
> But I fear more applications will need fixing.
> While I don't think that it was a wise choice from systemd developers to set
> / shared by default I agree that systemd is not the root cause of the problem.
> It is the messenger.
>
> It is just annoying that applications stopped working correctly after upgrading
> to systemd.

Quite.

The deep issue here is actually the design of how mount propogation
works.  If you want the option of mounts to propogate then you are
required to make them shared to start with then after creating a mount
namespace if you don't want that sharing you have to do
"mount --make-rprivate /".   Essentially all of this is documented
in Documentation/shared-subtress.txt.  Although frankly I have yet to
find a case where I really want shared subtreess.  Though I have found
a few cases where because we have to deal with sharing I using sharing
to make it not a pain.

Ultimately this means is that in every mount namespace that is created
we have to turn off sharing if we don't want it.    Which usually we
don't because mount namespaces are used when complete sharing is
undesirable.

Eric
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ