Date:   Wed, 02 Jan 2019 19:01:00 +0000
From:   Naja Melan <najamelan@...istici.org>
To:     netdev@...r.kernel.org
Subject: ip netns exec hides mount points from child processes

Hi,

I have been using network namespaces for a while, mostly with good results. Recently I ran into a problem where the cgroup mount points are missing for software that needs them (runc).

I discovered that ip netns exec creates a mount namespace to bind mount network configuration files. I suppose that not all mount points are propagated to the new mount ns. Is this correct? I'm wondering if this is intended behaviour. 

In my case this is unexpected (the man page does not mention hiding mount points) and undesired (it breaks software I run in a different netns). Is there a way around this problem?

Note that bind mounting network configuration files is not a problem in my case, but currently I lose at least:

- all cgroup mounts
- debugfs
- configfs 
- pstore
- sysfs
- selinuxfs
- securityfs

Is this a bug? If not, is there a way to work around this?

Thanks in advance for your consideration
Naja Melan
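
The mount-point loss described in the message above can be checked by diffing two mountinfo snapshots, one taken on the host and one taken inside the namespace. This is an added example, not part of the original post; the snapshot contents, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: diff two /proc/<pid>/mountinfo snapshots by (fstype, mount point).
export LC_ALL=C   # sort and comm must agree on collation

# mount_keys FILE: print "fstype mountpoint" for each mountinfo line.
mount_keys() {
    awk '{
        # Fields 7.. are optional tags (shared:N, master:N) ended by a lone "-".
        for (i = 7; i <= NF; i++) if ($i == "-") break
        if (i < NF) print $(i + 1), $5
    }' "$1" | sort -u
}

# missing_mounts HOST NETNS: mounts present in HOST but absent from NETNS.
missing_mounts() {
    tmp=$(mktemp -d) || return 1
    mount_keys "$1" > "$tmp/host"
    mount_keys "$2" > "$tmp/ns"
    comm -23 "$tmp/host" "$tmp/ns"
    rm -rf "$tmp"
}

# write_samples DIR: constructed snapshots, not captured from a real system.
write_samples() {
    cat > "$1/host.txt" <<'EOF'
21 26 0:20 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
22 26 0:4 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
26 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
27 21 0:6 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:8 - securityfs securityfs rw
28 21 0:23 / /sys/fs/cgroup ro,nosuid,nodev,noexec shared:9 - tmpfs tmpfs ro,mode=755
29 28 0:24 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,memory
30 21 0:7 / /sys/kernel/debug rw,relatime shared:11 - debugfs debugfs rw
EOF
    cat > "$1/netns.txt" <<'EOF'
90 89 8:1 / / rw,relatime master:1 - ext4 /dev/sda1 rw
91 90 0:4 / /proc rw,nosuid,nodev,noexec,relatime master:12 - proc proc rw
92 90 0:20 / /sys rw,relatime - sysfs sysfs rw
EOF
}

demo=$(mktemp -d)
write_samples "$demo"
missing_mounts "$demo/host.txt" "$demo/netns.txt"
rm -rf "$demo"
```

On a live system the two inputs would be the output of `cat /proc/self/mountinfo` run directly and run under `ip netns exec <name>`.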
