lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1467730280-17493-2-git-send-email-phil@nwl.cc>
Date:	Tue,  5 Jul 2016 16:51:19 +0200
From:	Phil Sutter <phil@....cc>
To:	Stephen Hemminger <shemming@...cade.com>
Cc:	"Eric W . Biederman" <ebiederm@...ssion.com>,
	netdev@...r.kernel.org
Subject: [iproute PATCHv2 1/2] ipnetns: Move NETNS_RUN_DIR into it's own propagation group

On systems where the parent mount point is shared, NETNS_RUN_DIR
inherits the parent's propagation group. This leads to netns mount
points being propagated to the parent and thus showing up twice in the
output of 'mount'.

By making the newly mounted NETNS_RUN_DIR private first, then shared
again, it will move to it's own propagation group which will still allow
for netns mounts to propagate between mount namespaces but gets rid of
the double netns entry at the same time.

Suggested-by: Miklos Szeredi <mszeredi@...hat.com>
Signed-off-by: Phil Sutter <phil@....cc>
---
 ip/ipnetns.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/ip/ipnetns.c b/ip/ipnetns.c
index b3ee23c23aaa2..1cefe73c68bfc 100644
--- a/ip/ipnetns.c
+++ b/ip/ipnetns.c
@@ -650,6 +650,11 @@ static int netns_add(int argc, char **argv)
 				NETNS_RUN_DIR, NETNS_RUN_DIR, strerror(errno));
 			return -1;
 		}
+		if (mount("", NETNS_RUN_DIR, "none", MS_PRIVATE, NULL)) {
+			fprintf(stderr, "mount --make-private %s failed: %s\n",
+				NETNS_RUN_DIR, strerror(errno));
+			return -1;
+		}
 		made_netns_run_dir_mount = 1;
 	}
 
-- 
2.8.2

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ