| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALCETrXS9ShF0k_tiFcBN6NY6ODCvhuZLh15VeHC5JUz9gWQuA@mail.gmail.com>
Date: Fri, 13 Jul 2018 10:14:44 -0700
From: Andy Lutomirski <luto@...nel.org>
To: David Howells <dhowells@...hat.com>
Cc: Linus Torvalds <torvalds@...ux-foundation.org>,
Andrew Lutomirski <luto@...nel.org>,
Al Viro <viro@...iv.linux.org.uk>,
Linux API <linux-api@...r.kernel.org>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Jann Horn <jannh@...gle.com>, Tycho Andersen <tycho@...ho.ws>
Subject: Re: [PATCH 24/32] vfs: syscall: Add fsopen() to prepare for
superblock creation [ver #9]
On Fri, Jul 13, 2018 at 8:40 AM, David Howells <dhowells@...hat.com> wrote:
> Andy Lutomirski <luto@...capital.net> wrote:
>
>> > Whilst I'm at it, do we want the option of doing the equivalent of
>> > mountat()? I.e. offering the option to open all the device files used by
>> > a superblock with dfd and AT_* flags in combination with the filename?
>> >
>>
>> Isn't that more or less what I was suggesting?
>
> Yes, you suggested that. I'm asking if we actually need that.
>
Suppose some program in a container chroots itself and then tries to
create an fscontext backed by "/path/to/blockdev". The syscall gets
intercepted by a container manager. That manager now has a somewhat
awkward time of mounting the same fs, although it could use
"/proc/PID/root/path/to/blockdev", I suppose. Even that approach has
some potentially awkward permission issues. I would defer to the
people who actually write software like this, but I can imagine fds
being considerably easier to work with.
Powered by blists - more mailing lists