Re: /etc/mtab and per-process namespaces

From: Bodo Eggert
Date: Sat Oct 22 2005 - 12:26:56 EST

Next message: Luben Tuikov: "Re: ioctls, etc. (was Re: [PATCH 1/4] sas: add flag for locally attached PHYs)"
Previous message: Luben Tuikov: "Re: ioctls, etc. (was Re: [PATCH 1/4] sas: add flag for locally attached PHYs)"
In reply to: Rob Landley: "Re: /etc/mtab and per-process namespaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dr. Greg Wettstein <greg@xxxxxxxxxxxxxxxxx> wrote:
> On Oct 13, 7:10pm, Mike Waychison wrote:
> } Subject: Re: /etc/mtab and per-process namespaces

> I've been pondering the best way to take on the mount problem.
> Current mount binaries seem to fall back to /proc/mounts if /etc/mtab
> is not present. All bets are off of course if the mount binary is
> used for the bind mount since a new /etc/mtab is created.
>
> I'm willing to whack on the mount binary a bit as part of this. The
> obvious solution is to teach mount to act differently if it is running
> in a private namespace. If anybody knows of a good way to detect this
> I would be interested in knowing that. In newns (the namespace sudo
> tool) I'm setting an environment variable for mount to detect on but a
> system level approach would be more generic.

- If named namespaces are to be implemented, you could check for a set
namespace ID. (You could also get rid of the persistent-namespace-daemon.)

- If secure user mounts are implemented, missing privileges will be hint.
Privileged mounts will require a global configuration where a flag can
be set. (BTW: You'll also want to disable user mounts in global namespaces
to catch errors, abuse and exploits)

- Until any of these is implemented, users will run in a private namespace,
so UID != EUID will indicate a private namespace. Unfortunately this is
not secure, but:

- If the proc/mounts information is extended as described below, a different
behaviour wouldn't make sense anymore, would it?

> The other problem is the information exported in /proc/mounts. It
> would seem problematic to modify its format but in order to serve as a
> useful source of information for a modified mount binary it would need
> to contain mount option information. Since this is definitely process
> specific information it would seem to call for something in /proc
> rather than /sysfs. Do we need a new pseudo-file?

- The file format is broken for whitespace in filenames, so changing the
format in these cases by adding quoting won't actually break anything.

- The userspace options (loop device etc) can be encoded in the mount
options field, e.g.
'rw,mount=lo:"/home/Arthur Dent/iso":/dev/loop/42;ns=public,async'.

So if you _want_ to keep the format, you can IMHO do so. Maybe you can
think of something better, who knows? We'll need to upgrade the tools
to use non-broken semantics anyway, so as long as you keep the old file
around, this should be no real problem.

--
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Luben Tuikov: "Re: ioctls, etc. (was Re: [PATCH 1/4] sas: add flag for locally attached PHYs)"
Previous message: Luben Tuikov: "Re: ioctls, etc. (was Re: [PATCH 1/4] sas: add flag for locally attached PHYs)"
In reply to: Rob Landley: "Re: /etc/mtab and per-process namespaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]