lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CADxym3bbx7pXahoRb98ocQb1JYQMdagYDJ+XKe_RwD=7c6MCug@mail.gmail.com>
Date:   Tue, 25 May 2021 14:09:08 +0800
From:   Menglong Dong <menglong8.dong@...il.com>
To:     Luis Chamberlain <mcgrof@...nel.org>
Cc:     Jan Kara <jack@...e.cz>, Jens Axboe <axboe@...nel.dk>,
        hare@...e.de, gregkh@...uxfoundation.org, tj@...nel.org,
        Menglong Dong <dong.menglong@....com.cn>, song@...nel.org,
        NeilBrown <neilb@...e.de>,
        Andrew Morton <akpm@...ux-foundation.org>,
        wangkefeng.wang@...wei.com, f.fainelli@...il.com, arnd@...db.de,
        Barret Rhoden <brho@...gle.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        mhiramat@...nel.org, Steven Rostedt <rostedt@...dmis.org>,
        Kees Cook <keescook@...omium.org>, vbabka@...e.cz,
        Alexander Potapenko <glider@...gle.com>, pmladek@...e.com,
        Chris Down <chris@...isdown.name>, ebiederm@...ssion.com,
        jojing64@...il.com, LKML <linux-kernel@...r.kernel.org>,
        palmerdabbelt@...gle.com, linux-fsdevel@...r.kernel.org,
        Alexander Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH RESEND] init/initramfs.c: make initramfs support pivot_root

On Tue, May 25, 2021 at 9:43 AM Luis Chamberlain <mcgrof@...nel.org> wrote:
>
> >
> > This change seems transparent to users, which don't change the behavior
> > of initramfs.
>
> Are we sure there nothing in the kernel that can regress with this
> change? Are you sure? How sure?
>
> > However, it seems more reasonable to make it a kconfig option.
> > I'll do it in the v2 of the three patches I sended.
>
> I'm actually quite convinced now this is a desirable default *other*
> than the concern if this could regress. I recently saw some piece of
> code fetching for the top most mount, I think it was on the
> copy_user_ns() path or something like that, which made me just
> consider possible regressions for heuristics we might have forgotten
> about.
>
> I however have't yet had time to review the path I was concerned for
> yet.

Yeah, I'm sure...probably. The way I create and mount 'user root' is
almost the same to block root device. When it comes to block
device, such as hda, what kernel do is:

/* This will mount block device on '/root' and chdir to '/root' */
prepare_namespace->mount_root->mount_block_root->do_mount_root;

/* This will move the block device mounted on '/root' to '/' */
init_mount(".", "/", NULL, MS_MOVE, NULL);

/* This will change the root to current dir, which is the root of block
 * device.
 */
init_chroot(".")

And these steps are exactly what I do with 'user root'. However, I'm
not totally sure. For safety, I'll make it into a kconfig option. Is
it acceptable to make it enabled by default?

Thanks!
Menglong Dong

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ