From: Greg Kroah-Hartman <gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Seth Forshee
<seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Serge Hallyn
<serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org>,
Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
Kenton Varda <kenton-AuYgBwuPrUQTaNkGU808tA@public.gmane.org>,
Michael Kerrisk-manpages
<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>,
Linux FS Devel
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>
Subject: Re: [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2)
Date: Thu, 4 Jun 2015 14:19:58 +0900 [thread overview]
Message-ID: <20150604051958.GA21049@kroah.com> (raw)
In-Reply-To: <87k2vkebri.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
On Wed, Jun 03, 2015 at 04:13:21PM -0500, Eric W. Biederman wrote:
> Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org> writes:
>
> > One option would be to break the nosuid, nodev, and noexec parts into
> > their own patch and then avoid tagging that patch for -stable if at
> > all possible. It would be nice to avoid another -stable ABI break if
> > at all possible.
>
> So I don't think we actually have anything that could be called an ABI
> break in the whole mess, but it is definitely a behavioral change that
> is a regression for lxc and libvirt-lxc that prevents them from starting.
>
> nodev does not actually matter because of the implicit silliness that
> is being added right now.
>
> We do want those programs fixed and after those programs are fixed we
> can safely begin failing mount when those attributes are being cleared
> in a fresh mount.
>
> So it looks to me like the best thing to do is to print a warning
> whenever lxc or libvirt-lxc gets it wrong, which should ensure the
> authors are sufficiently pestered that in a kernel release or 3 we can
> begin enforcing those attributes. Especially as the discussion on the
> fix for those applications has already begun.
"pestering" never works, look at some of the SCSI drivers for examples
of how a distro will just patch out the "warning this driver is using an
old api and needs to be fixed" messages.
You can't break stuff like this, people will get upset :(
greg k-h
next prev parent reply other threads:[~2015-06-04 5:19 UTC|newest]
Thread overview: 145+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-14 17:30 [CFT][PATCH 0/10] Making new mounts of proc and sysfs as safe as bind mounts Eric W. Biederman
[not found] ` <87pp63jcca.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-14 17:31 ` [CFT][PATCH 01/10] mnt: Refactor the logic for mounting sysfs and proc in a user namespace Eric W. Biederman
2015-05-14 17:32 ` [CFT][PATCH 02/10] mnt: Modify fs_fully_visible to deal with mount attributes Eric W. Biederman
2015-05-14 17:32 ` [CFT][PATCH 03/10] vfs: Ignore unlocked mounts in fs_fully_visible Eric W. Biederman
2015-05-14 17:33 ` [CFT][PATCH 04/10] fs: Add helper functions for permanently empty directories Eric W. Biederman
2015-05-14 17:33 ` [CFT][PATCH 05/10] sysctl: Allow creating " Eric W. Biederman
2015-05-14 17:34 ` [CFT][PATCH 06/10] proc: " Eric W. Biederman
2015-05-14 17:34 ` [CFT][PATCH 07/10] kernfs: Add support for always " Eric W. Biederman
2015-05-14 17:35 ` [CFT][PATCH 08/10] sysfs: Add support for permanently " Eric W. Biederman
[not found] ` <87fv6zhxkp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-14 20:31 ` Greg Kroah-Hartman
2015-05-14 20:31 ` Greg Kroah-Hartman
[not found] ` <20150514203131.GB16416-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-05-14 21:33 ` Eric W. Biederman
2015-05-14 21:33 ` Eric W. Biederman
2015-05-14 17:36 ` [CFT][PATCH 09/10] sysfs: Create mountpoints with sysfs_create_empty_dir Eric W. Biederman
[not found] ` <878ucrhxi9.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-11 18:44 ` Tejun Heo
2015-08-11 18:57 ` Eric W. Biederman
2015-08-11 19:21 ` Andy Lutomirski
[not found] ` <CALCETrXE=fKa3XkEEo6y2=ZNtsuBfX=kaoyDwiP0C2BwqKJWjw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-08-12 0:58 ` Eric W. Biederman
[not found] ` <87mvxxcogp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 20:00 ` Tejun Heo
[not found] ` <20150812200035.GB4496-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2015-08-12 20:27 ` Eric W. Biederman
2015-08-12 20:27 ` Eric W. Biederman
[not found] ` <87r3n82qxd.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 21:05 ` Tejun Heo
2015-08-12 20:00 ` Tejun Heo
2015-08-12 0:58 ` Eric W. Biederman
[not found] ` <877fp1hcuj.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-11 19:21 ` Andy Lutomirski
2015-08-11 20:11 ` Tejun Heo
[not found] ` <CAOS58YOHU8SFv4UXeBRr4t88UU=DXQCPg2HU_dMBmgM7WBB1zQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-08-12 0:37 ` Eric W. Biederman
[not found] ` <87fv3pe3zn.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 3:58 ` Eric W. Biederman
[not found] ` <87a8txb1k8.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 4:04 ` Eric W. Biederman
[not found] ` <871tf9b19v.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 19:15 ` Tejun Heo
2015-08-12 19:15 ` Tejun Heo
[not found] ` <20150812191515.GA4496-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2015-08-12 20:07 ` [PATCH] fs: Set the size of empty dirs to 0 Eric W. Biederman
2015-08-12 20:07 ` Eric W. Biederman
[not found] ` <87mvxw46fc.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-08-12 20:18 ` Tejun Heo
2015-08-12 0:37 ` [CFT][PATCH 09/10] sysfs: Create mountpoints with sysfs_create_empty_dir Eric W. Biederman
[not found] ` <20150811184426.GH23408-qYNAdHglDFBN0TnZuCh8vA@public.gmane.org>
2015-08-11 18:57 ` Eric W. Biederman
2015-08-11 18:44 ` Tejun Heo
2015-05-14 17:37 ` [CFT][PATCH 10/10] mnt: Update fs_fully_visible to test for permanently empty directories Eric W. Biederman
2015-05-14 17:37 ` Eric W. Biederman
2015-05-14 20:29 ` [CFT][PATCH 0/10] Making new mounts of proc and sysfs as safe as bind mounts Greg Kroah-Hartman
2015-05-16 2:05 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Eric W. Biederman
2015-05-14 17:33 ` [CFT][PATCH 04/10] fs: Add helper functions for permanently empty directories Eric W. Biederman
2015-05-14 17:33 ` [CFT][PATCH 05/10] sysctl: Allow creating " Eric W. Biederman
2015-05-14 20:29 ` [CFT][PATCH 0/10] Making new mounts of proc and sysfs as safe as bind mounts Greg Kroah-Hartman
[not found] ` <20150514202951.GA16416-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-05-14 21:10 ` Eric W. Biederman
2015-05-14 21:10 ` Eric W. Biederman
[not found] ` <87oalmg90j.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-15 6:26 ` Andy Lutomirski
[not found] ` <CALCETrU1yxcDfv4YV3wVpWMAdiOOsSUFOPUpFAN-mVA4M-OxdQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-15 6:55 ` Eric W. Biederman
2015-05-15 6:55 ` Eric W. Biederman
2015-05-15 6:26 ` Andy Lutomirski
2015-05-16 2:05 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Eric W. Biederman
2015-05-16 2:06 ` [CFT][PATCH 02/10] mnt: Modify fs_fully_visible to deal with mount attributes Eric W. Biederman
[not found] ` <87siaxuvik.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-16 2:06 ` [CFT][PATCH 01/10] mnt: Refactor the logic for mounting sysfs and proc in a user namespace Eric W. Biederman
2015-05-16 2:06 ` Eric W. Biederman
2015-05-16 2:06 ` [CFT][PATCH 02/10] mnt: Modify fs_fully_visible to deal with mount attributes Eric W. Biederman
2015-05-16 2:07 ` [CFT][PATCH 03/10] vfs: Ignore unlocked mounts in fs_fully_visible Eric W. Biederman
2015-05-16 2:07 ` Eric W. Biederman
2015-05-16 2:07 ` [CFT][PATCH 04/10] fs: Add helper functions for permanently empty directories Eric W. Biederman
2015-05-16 2:07 ` Eric W. Biederman
2015-05-16 2:08 ` [CFT][PATCH 05/10] sysctl: Allow creating permanently empty directories that serve as mountpoints Eric W. Biederman
2015-05-16 2:08 ` Eric W. Biederman
2015-05-16 2:08 ` [CFT][PATCH 06/10] proc: Allow creating permanently empty directories that serve as mount points Eric W. Biederman
2015-05-16 2:08 ` Eric W. Biederman
2015-05-16 2:09 ` [CFT][PATCH 07/10] kernfs: Add support for always empty directories Eric W. Biederman
2015-05-16 2:09 ` [CFT][PATCH 08/10] sysfs: Add support for permanently empty directories to serve as mount points Eric W. Biederman
2015-05-16 2:09 ` Eric W. Biederman
2015-05-18 13:14 ` Greg Kroah-Hartman
[not found] ` <87fv6xtgr2.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-18 13:14 ` Greg Kroah-Hartman
2015-05-16 2:10 ` [CFT][PATCH 09/10] sysfs: Create mountpoints with sysfs_create_mount_point Eric W. Biederman
2015-05-16 2:10 ` Eric W. Biederman
[not found] ` <87a8x5tgpp.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-18 13:14 ` Greg Kroah-Hartman
2015-05-18 13:14 ` Greg Kroah-Hartman
2015-05-16 2:11 ` [CFT][PATCH 10/10] mnt: Update fs_fully_visible to test for permanently empty directories Eric W. Biederman
2015-05-16 2:11 ` Eric W. Biederman
2015-05-22 17:39 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Eric W. Biederman
2015-05-22 17:39 ` Eric W. Biederman
[not found] ` <87wq004im1.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-22 18:59 ` Andy Lutomirski
2015-05-22 18:59 ` Andy Lutomirski
[not found] ` <CALCETrUhXBR5WQ6gXr9KzGc4=7tph7kzopY29Hug4g+FhOzEKg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-22 20:41 ` Eric W. Biederman
2015-05-28 14:08 ` Serge Hallyn
2015-05-28 14:08 ` Serge Hallyn
2015-05-28 15:03 ` Eric W. Biederman
2015-05-28 15:03 ` Eric W. Biederman
[not found] ` <87lhg8pwvz.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 17:33 ` Andy Lutomirski
2015-05-28 21:04 ` Serge E. Hallyn
2015-05-28 17:33 ` Andy Lutomirski
[not found] ` <CALCETrXXax28s9kMTQ-zDx0MttQWG4rg2y-oz3bSGiumSL=3sg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 18:20 ` Kenton Varda
[not found] ` <CAOP=4wid+N_80iyPpiVMN96_fuHZZRGtYQ6AOPn-HFBj2H6Vgg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 19:14 ` Eric W. Biederman
2015-05-28 19:14 ` Eric W. Biederman
[not found] ` <87fv6gikfn.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 20:12 ` Kenton Varda
2015-05-28 20:12 ` Kenton Varda
[not found] ` <CAOP=4wieEaR_wESNyba7EKPAhi6kf+ujxhoMAFKVRozqWtXHvQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 20:47 ` Richard Weinberger
2015-05-28 20:47 ` Richard Weinberger
[not found] ` <55677EE4.2040903-/L3Ra7n9ekc@public.gmane.org>
2015-05-28 21:07 ` Kenton Varda
2015-05-28 21:07 ` Kenton Varda
[not found] ` <CAOP=4wiAA4SqvMn_rQJHOjg6M-75bi_G9Fx8ENgVnYdkT5WVQA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-28 21:12 ` Richard Weinberger
2015-05-29 0:30 ` Andy Lutomirski
2015-05-29 0:35 ` Andy Lutomirski
2015-05-29 0:35 ` Andy Lutomirski
[not found] ` <CALCETrXO21Y7PR=pKqaqJb1YZArNyjAv7Z-J44O53FcfLM_0Tw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-05-29 4:36 ` Eric W. Biederman
[not found] ` <87fv6g80g7.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-29 4:54 ` Kenton Varda
2015-05-29 17:49 ` Andy Lutomirski
2015-06-03 21:13 ` Eric W. Biederman
[not found] ` <87k2vkebri.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-03 21:15 ` [CFT][PATCH 11/10] mnt: Avoid unnecessary regressions in fs_fully_visible Eric W. Biederman
[not found] ` <87eglseboh.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-04 4:35 ` [CFT][PATCH 11/10] mnt: Avoid unnecessary regressions in fs_fully_visible (take 2) Eric W. Biederman
2015-06-04 4:35 ` Eric W. Biederman
[not found] ` <874mmodral.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-04 5:20 ` Greg Kroah-Hartman
2015-06-04 5:20 ` Greg Kroah-Hartman
2015-06-05 0:46 ` [CFT][PATCH 11/10] mnt: Avoid unnecessary regressions in fs_fully_visible Andy Lutomirski
2015-06-05 0:46 ` Andy Lutomirski
[not found] ` <CALCETrWwtFaiaYGLoq4EPkrgcq9nEA2GseVfP3iBkbYZ8NfGPg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-06-06 19:14 ` Eric W. Biederman
2015-06-06 19:14 ` Eric W. Biederman
2015-06-04 5:19 ` Greg Kroah-Hartman [this message]
2015-06-04 6:27 ` [CFT][PATCH 00/10] Making new mounts of proc and sysfs as safe as bind mounts (take 2) Eric W. Biederman
[not found] ` <87h9qo6la9.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-04 7:34 ` Eric W. Biederman
2015-06-16 12:23 ` Daniel P. Berrange
2015-06-16 12:23 ` Daniel P. Berrange
[not found] ` <20150604051958.GA21049-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-06-04 6:27 ` Eric W. Biederman
[not found] ` <CALCETrVEA0Ug+3aj5rjupqZub-1tPLw+szzbs4kTyEyVvNs7qg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-06-03 21:13 ` Eric W. Biederman
2015-05-29 4:36 ` Eric W. Biederman
2015-05-28 21:04 ` Serge E. Hallyn
[not found] ` <20150528210438.GA14849-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2015-05-28 21:42 ` Eric W. Biederman
2015-05-28 21:42 ` Eric W. Biederman
2015-05-28 21:52 ` Serge E. Hallyn
[not found] ` <871ti0fkfp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 21:52 ` Serge E. Hallyn
2015-05-28 19:36 ` Richard Weinberger
2015-05-28 19:36 ` Richard Weinberger
[not found] ` <55676E32.3050006-/L3Ra7n9ekc@public.gmane.org>
2015-05-28 19:57 ` Eric W. Biederman
2015-05-28 20:30 ` Richard Weinberger
[not found] ` <55677AEF.1090809-/L3Ra7n9ekc@public.gmane.org>
2015-05-28 21:32 ` Eric W. Biederman
[not found] ` <87iobcfkwx.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 21:46 ` Richard Weinberger
[not found] ` <55678CCA.80807-/L3Ra7n9ekc@public.gmane.org>
2015-06-16 12:30 ` Daniel P. Berrange
2015-06-16 12:30 ` Daniel P. Berrange
2015-05-29 9:30 ` Richard Weinberger
[not found] ` <556831CF.9040600-/L3Ra7n9ekc@public.gmane.org>
2015-05-29 17:41 ` Eric W. Biederman
2015-05-29 17:41 ` Eric W. Biederman
2015-05-29 17:41 ` Eric W. Biederman
2015-06-06 18:56 ` Eric W. Biederman
2015-06-06 18:56 ` Eric W. Biederman
2015-06-06 18:56 ` Eric W. Biederman
[not found] ` <87mw0c1x8p.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-16 12:31 ` Daniel P. Berrange
[not found] ` <20150616123148.GB18689-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2015-06-16 12:46 ` Richard Weinberger
2015-06-16 12:46 ` Richard Weinberger
2015-06-16 12:31 ` Daniel P. Berrange
[not found] ` <87382gh3uo.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-05-28 20:30 ` Richard Weinberger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150604051958.GA21049@kroah.com \
--to=gregkh-hqyy1w1ycw8ekmwlsbkhg0b+6bgklq7r@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=kenton-AuYgBwuPrUQTaNkGU808tA@public.gmane.org \
--cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
--cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
--cc=richard-/L3Ra7n9ekc@public.gmane.org \
--cc=serge.hallyn-GeWIH/nMZzLQT0dZR+AlfA@public.gmane.org \
--cc=seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
--cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.