[REVIEW][PATCH 5/5] mnt: Add tests for unprivileged remount cases that have found to be faulty

Eric W. Biederman ebiederm at xmission.com
Thu Jul 31 22:52:29 UTC 2014


Serge Hallyn <serge.hallyn at ubuntu.com> writes:

> Quoting Eric W. Biederman (ebiederm at xmission.com):
>> 
>> Kenton Varda <kenton at sandstorm.io> discovered that by remounting a
>> read-only bind mount read-only in a user namespace the
>> MNT_LOCK_READONLY bit would be cleared, allowing an unprivileged user
>> to remount a read-only mount read-write.
>> 
>> Upon review of the code in remount it was discovered that the code allowed
>> nosuid, noexec, and nodev to be cleared.  It was also discovered that
>> the code was allowing the per mount atime flags to be changed.
>> 
>> The first naive patch to fix these issues contained the flaw that using
>> default atime settings when remounting a filesystem could be disallowed.
>> 
>> To avoid these problems in the future add tests to ensure unprivileged
>> remounts are succeeding and failing at the appropriate times.
>> 
>> Cc: stable at vger.kernel.org
>
> one nit below
>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

>> +#ifndef CLONE_NEWSNS
>
> Could cause build error in some places...  misspelled NEW S NS above.
>
>> +# define CLONE_NEWNS 0x00020000
>> +#endif
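
Review bot: The guard on the first quoted line tests CLONE_NEWSNS, but the macro defined under it is CLONE_NEWNS, so the #ifndef never sees a CLONE_NEWNS that the included headers already provide and the fallback define is applied regardless. Change the guard to "#ifndef CLONE_NEWNS" so the 0x00020000 fallback is used only when the headers leave the macro undefined.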

You are right, that is an embarrassing typo.  I wonder how that ever
happened.  I will take care of that.

Eric
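
An added example, not part of the original message or the patch: a small checker that compares two /proc/self/mountinfo lines for the same mount and reports which of ro, nosuid, nodev and noexec were present before a remount and are gone afterwards, which is the condition the commit message says an unprivileged remount must never produce. The sample lines, the flag names F_* and the function names are constructed for illustration; atime options are not compared.

```c
#include <stdio.h>
#include <string.h>

/* Per-mount options the commit message says must not be cleared. */
enum { F_RO = 1, F_NOSUID = 2, F_NODEV = 4, F_NOEXEC = 8 };

static const struct { const char *name; int bit; } OPTS[] = {
    { "ro", F_RO }, { "nosuid", F_NOSUID },
    { "nodev", F_NODEV }, { "noexec", F_NOEXEC },
};

/* Constructed sample lines in /proc/self/mountinfo layout (not real data). */
static const char BEFORE[] =
    "72 61 8:1 /srv/data /mnt/ro ro,nosuid,nodev,noexec,relatime - ext4 /dev/sda1 rw";
static const char AFTER[] =
    "72 61 8:1 /srv/data /mnt/ro rw,nosuid,relatime - ext4 /dev/sda1 rw";

/* Parse field 6 (per-mount options) into a bitmask; -1 if the field is missing. */
static int mount_flags(const char *line)
{
    char opts[256];
    int flags = 0;

    if (sscanf(line, "%*s %*s %*s %*s %*s %255s", opts) != 1)
        return -1;
    for (const char *p = opts; *p; ) {
        size_t n = strcspn(p, ",");          /* length of this option */
        for (size_t i = 0; i < sizeof(OPTS) / sizeof(OPTS[0]); i++)
            if (strlen(OPTS[i].name) == n && !memcmp(p, OPTS[i].name, n))
                flags |= OPTS[i].bit;
        p += n;
        if (*p == ',')
            p++;
    }
    return flags;
}

/* Bits present before the remount and absent after it; -1 on parse error. */
int dropped_flags(const char *before, const char *after)
{
    int b = mount_flags(before), a = mount_flags(after);
    return (b < 0 || a < 0) ? -1 : (b & ~a);
}

int main(void)
{
    printf("dropped mask: %d\n", dropped_flags(BEFORE, AFTER));
    return 0;
}
```

Only the sixth field is parsed, so the trailing superblock options after the " - " separator (which also contain "rw" or "ro") do not affect the result.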
