Date: Mon, 18 Sep 2017 13:47:10 -0700
From: Ram Pai <linuxram@...ibm.com>
To: Dawid Ciezarkiewicz <dawid.ciezarkiewicz@...rik.com>
Cc: linux-kernel@...r.kernel.org
Subject: Re: Read-only `slaves` with shared subtrees?

On Fri, Sep 15, 2017 at 10:57:30AM -0700, Dawid Ciezarkiewicz wrote:
> Hi,
>
> (Please keep me in CC when responding.)
>
> I have a use-case for shared subtrees that is not covered by:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.kernel.org_doc_Documentation_filesystems_sharedsubtree.txt&d=DwIBaQ&c=jf_iaSHvJObTbx-siA1ZOg&r=m-UrKChQVkZtnPpjbF6YY99NbT8FBByQ-E-ygV8luxw&m=l46zr30OWtcm54Kc2X1KfLkB11GtFf2YLA0WcpI6Tuo&s=L-i2sXNn5dHjJfzl_lCW-JvlZnGf8NdOB7ZktFGTUdY&e=
>
> and I wasn't able to figure out any working solution - it might not be possible
> ATM.
>
> Long story short:
> I'd like the `slave` mount (service in a container) to mount propagated events
> as RO, no matter how `master` (host) mounted them. Host might need that data
> RW, but slave must have it RO only.
>
> I'm using Linux containers to isolate processes. I need the container
> to follow part of the host system mount tree, but not have write access to it
> (for security reasons). It's a trivial setup as long
> as everything is static, but as soon as a part of what the container needs
> to access is mounted/unmounted at runtime (and thus shared subtrees
> are involved),
> there seems to be no way to control the flags of the propagated mount events.

It is possible to make a slave mount readonly by remounting it with 'ro' flags,
something like

    mount -o bind,remount,ro <slave-mount-dir>

Any mount-propagation event reaching a read-only slave does inherit the slave
attribute. However, it does not inherit the read-only attribute. Should it
inherit, or should it not? That has not been thought of, AFAICT. I think we
should let it inherit.

RP
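The gap Ram describes (a propagated mount arriving under a read-only slave keeps the slave attribute but not the read-only attribute) is something an operator can audit for from inside the container. The following script is an added example, not code from this thread or from the kernel tree: it parses the `/proc/self/mountinfo` format (field layout as documented in Documentation/filesystems/proc.txt), walks each mount's parent chain, and reports any writable mount that sits below a read-only slave mount, together with the remount from Ram's reply that would close the gap. The mountinfo snapshot at the bottom is constructed for the example; the function and helper names are the example's own.

```python
"""Audit a mountinfo snapshot for writable mounts propagated under a read-only slave.

Hypothetical helper for the thread above, not the kernel's own code. Input is the
/proc/self/mountinfo format:
  <id> <parent> <maj:min> <root> <mount point> <opts> [optional fields...] - <fstype> <source> <superopts>
Optional fields carry propagation state, e.g. "shared:N" or "master:N" (a slave).
"""
import os
import re
import shlex
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Mount:
    mount_id: int
    parent_id: int
    mount_point: str
    options: List[str]
    optional: List[str]   # propagation tags such as ["master:2"] or ["shared:1"]
    fstype: str
    source: str

    @property
    def read_only(self) -> bool:
        # Per-mount flags live in the options field; "ro" is the read-only bit.
        return "ro" in self.options

    @property
    def is_slave(self) -> bool:
        # A mount receiving propagation from a master is tagged "master:<peer group>".
        return any(f.startswith("master:") for f in self.optional)


def _unescape(field: str) -> str:
    """mountinfo escapes space, tab, newline and backslash as \\ooo octal."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> Dict[int, Mount]:
    """Parse mountinfo lines into a mapping of mount ID -> Mount."""
    mounts: Dict[int, Mount] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        left, _, right = line.partition(" - ")   # optional fields end at the lone "-"
        lf, rf = left.split(), right.split()
        mounts[int(lf[0])] = Mount(
            mount_id=int(lf[0]),
            parent_id=int(lf[1]),
            mount_point=_unescape(lf[4]),
            options=lf[5].split(","),
            optional=lf[6:],
            fstype=rf[0] if rf else "",
            source=_unescape(rf[1]) if len(rf) > 1 else "",
        )
    return mounts


def ro_slave_ancestor(m: Mount, mounts: Dict[int, Mount]) -> Optional[Mount]:
    """Walk up the parent chain; return the nearest read-only slave mount, if any."""
    seen = set()
    cur = mounts.get(m.parent_id)
    while cur is not None and cur.mount_id not in seen:
        seen.add(cur.mount_id)
        if cur.is_slave and cur.read_only:
            return cur
        cur = mounts.get(cur.parent_id)
    return None


def writable_under_ro_slave(text: str) -> List[str]:
    """Mount points that are writable although they hang below a read-only slave."""
    mounts = parse_mountinfo(text)
    return sorted(m.mount_point for m in mounts.values()
                  if not m.read_only and ro_slave_ancestor(m, mounts) is not None)


def remediation_commands(text: str) -> List[str]:
    """The remount from the reply above, one per finding (to be run in the container)."""
    return [f"mount -o bind,remount,ro {shlex.quote(mp)}"
            for mp in writable_under_ro_slave(text)]


# Constructed snapshot: mount 25 is a read-only slave of the host's /srv/data;
# mount 40 was propagated into it read-write (the case from the thread), mount 41
# arrived read-only, and mount 50 is an unrelated shared mount.
SAMPLE = """\
1 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
25 1 8:1 /srv/data /srv/data ro,relatime master:2 - ext4 /dev/sda1 rw
40 25 8:17 / /srv/data/vol\\040a rw,relatime master:5 - ext4 /dev/sdb1 rw
41 25 8:18 / /srv/data/volb ro,relatime master:6 - ext4 /dev/sdb2 rw
50 1 0:30 / /tmp rw,nosuid shared:7 - tmpfs tmpfs rw
"""

if __name__ == "__main__":
    # Audit the live mount table when available, else the constructed sample.
    path = "/proc/self/mountinfo"
    data = open(path).read() if os.path.exists(path) else SAMPLE
    for cmd in remediation_commands(data) or ["no writable mounts under a read-only slave"]:
        print(cmd)
```

Run inside the container (or against a saved copy of its mountinfo); each reported mount point is one that propagation delivered writable under a mount you had already made read-only, and the printed remount is the fix from Ram's reply. Note that the check is a point-in-time audit: a mount propagated after the audit runs will again arrive writable until the kernel behaviour discussed in the thread changes.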