Message-Id: <20170918204710.GI5698@ram.oc3035372033.ibm.com>
Date:   Mon, 18 Sep 2017 13:47:10 -0700
From:   Ram Pai <linuxram@...ibm.com>
To:     Dawid Ciezarkiewicz <dawid.ciezarkiewicz@...rik.com>
Cc:     linux-kernel@...r.kernel.org
Subject: Re: Read-only `slaves` with shared subtrees?

On Fri, Sep 15, 2017 at 10:57:30AM -0700, Dawid Ciezarkiewicz wrote:
> Hi,
> 
> (Please keep me in CC when responding.)
> 
> I have a use case for shared subtrees that is not covered by:
> 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.kernel.org_doc_Documentation_filesystems_sharedsubtree.txt&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=m-UrKChQVkZtnPpjbF6YY99NbT8FBByQ-E-ygV8luxw&m=l46zr30OWtcm54Kc2X1KfLkB11GtFf2YLA0WcpI6Tuo&s=L-i2sXNn5dHjJfzl_lCW-JvlZnGf8NdOB7ZktFGTUdY&e= 
> 
> and I wasn't able to figure out any working solution - it might not be possible
> ATM.
> 
> Long story short:
> I'd like the `slave` mount (service in a container) to mount propagated events
> as RO, no matter how `master` (host) mounted them. Host might need that data
> RW, but slave must have it RO only.
> 
> I'm using Linux containers to isolate processes. I need the container
> to follow part of the host system mount tree, but not have write access to it
> (for security reasons). It's a trivial setup as long as everything is static,
> but as soon as a part of what the container needs to access is
> mounted/unmounted at runtime (and thus shared subtrees are involved),
> there seems to be no way to control the flags of the propagated mount events.

It is possible to make a slave mount read-only, by remounting it with
'ro' flags.

something like

mount -o bind,remount,ro <slave-mount-dir>

Any mount-propagation event reaching a read-only slave does
inherit the slave attribute. However, it does not inherit the
read-only attribute.

Should it inherit, or should it not? -- that has not been thought
of AFAICT. I think we should let it inherit.

RP
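To make the two observations in the reply concrete (a slave mount can be remounted read-only, but a mount that later propagates into it arrives without the ro flag), here is an added shell example that is not part of this thread and not kernel documentation. It has two parts: an audit function that reads text in /proc/self/mountinfo format and lists slave mounts (those carrying a `master:N` optional field) whose per-mount options lack `ro`, which is the check a container operator would run to catch propagated mounts that came in writable; and a root-only reproduction in a throwaway mount namespace that performs the `bind,remount,ro` step from the reply, mounts something new under the master, and shows the result. The sample mountinfo lines and the `/tmp/master`, `/tmp/slave` paths are constructed for the example.

```shell
#!/bin/sh
# Added example (not part of the thread): audit mountinfo for slave mounts that
# are not read-only, plus a root-only demo of the remount described above.

# find_rw_slaves: read /proc/self/mountinfo-formatted lines on stdin and print
# the mount point of every slave mount whose per-mount options (field 6) do
# not contain "ro". Field 5 is the mount point; optional fields such as
# "shared:N" / "master:N" run from field 7 up to the "-" separator.
find_rw_slaves() {
    awk '{
        is_slave = 0; mp = $5; opts = $6
        for (i = 7; i <= NF && $i != "-"; i++) {
            if ($i ~ /^master:/) is_slave = 1
        }
        if (is_slave && opts !~ /(^|,)ro(,|$)/) print mp
    }'
}

# Constructed sample: two writable slaves, one read-only slave, one shared mount.
SAMPLE_MOUNTINFO='30 25 0:26 / /srv/data rw,relatime master:1 - ext4 /dev/sdb1 rw
31 30 0:27 / /srv/data/vol1 rw,relatime master:2 - ext4 /dev/sdc1 rw
32 30 0:28 / /srv/data/vol2 ro,relatime master:3 - ext4 /dev/sdd1 rw
33 25 0:29 / /tmp rw,nosuid shared:4 - tmpfs tmpfs rw'

# audit_sample: run the audit over the constructed sample.
# Expected output: /srv/data and /srv/data/vol1 (vol2 is already ro).
audit_sample() {
    printf '%s\n' "$SAMPLE_MOUNTINFO" | find_rw_slaves
}

# audit_live: run the audit against the calling process's real mount table.
audit_live() {
    find_rw_slaves < /proc/self/mountinfo
}

# demo_propagation: root-only reproduction in a private mount namespace
# (unshare -m defaults to private propagation, so nothing leaks to the host).
# Paths are hypothetical. Run as: sudo sh this.sh demo
demo_propagation() {
    unshare -m sh -ec '
        mkdir -p /tmp/master /tmp/slave
        mount -t tmpfs tmpfs /tmp/master       # stands in for the host tree
        mount --make-shared /tmp/master
        mkdir /tmp/master/sub
        mount --bind /tmp/master /tmp/slave    # same peer group as master
        mount --make-slave /tmp/slave
        mount -o bind,remount,ro /tmp/slave    # the remount from the reply
        mount -t tmpfs tmpfs /tmp/master/sub   # propagates into the slave
        echo "--- after propagation (slave/sub arrives rw):"
        grep -E " /tmp/slave(/sub)? " /proc/self/mountinfo
        mount -o bind,remount,ro /tmp/slave/sub  # harden the propagated mount
        echo "--- after remounting the propagated mount ro:"
        grep -E " /tmp/slave(/sub)? " /proc/self/mountinfo
    '
}

case "${1:-}" in
    demo) demo_propagation ;;
    live) audit_live ;;
    *)    audit_sample ;;
esac
```

The audit deliberately looks at field 6 (per-mount-point options) rather than the superblock options at the end of the line: `bind,remount,ro` sets the read-only flag on the mount point only, so the trailing `rw` of the underlying filesystem stays as it is, and a check that keys on the wrong field would miss exactly the mounts the reply is about.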
