From mboxrd@z Thu Jan 1 00:00:00 1970 From: Richard Weinberger Subject: Re: [GIT PULL] namespace updates for v3.17-rc1 Date: Thu, 21 Aug 2014 15:22:53 +0200 Message-ID: <53F5F2AD.5010607@nod.at> References: <87fvhav3ic.fsf@x220.int.ebiederm.org> <87vbpm4f4y.fsf@x220.int.ebiederm.org> <20140821131257.GA4264@infradead.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20140821131257.GA4264-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Christoph Hellwig , "Eric W. Biederman" Cc: "libvir-list-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org" , Linux Containers , LKML , linux-fsdevel , Linus Torvalds List-Id: containers.vger.kernel.org Am 21.08.2014 15:12, schrieb Christoph Hellwig: > On Wed, Aug 20, 2014 at 09:53:49PM -0700, Eric W. Biederman wrote: >> Richard Weinberger writes: >> >>> On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman wrote: >>> >>> This commit breaks libvirt-lxc. >>> libvirt does in lxcContainerMountBasicFS(): >> >> The bugs fixed are security issues, so if we have to break a small >> number of userspace applications we will. Anything that we can >> reasonably do to avoid regressions will be done. > > Can you explain the security issues in detail? Breaking common > userspace like libvirt-lxc with just a little bit of handwaiving is > entirely unacceptable. It looks like commit 87b47932f40a11280584bce260cbdb3b5f9e8b7d in git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git for-next unbreaks libvirt-lxc. I hope it hits Linus tree and -stable before the offending commit hits users. Thanks, //richard From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755277AbaHUNXC (ORCPT ); Thu, 21 Aug 2014 09:23:02 -0400 Received: from a.ns.miles-group.at ([95.130.255.143]:65276 "EHLO radon.swed.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754797AbaHUNXA (ORCPT ); Thu, 21 Aug 2014 09:23:00 -0400 Message-ID: <53F5F2AD.5010607@nod.at> Date: Thu, 21 Aug 2014 15:22:53 +0200 From: Richard Weinberger User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: Christoph Hellwig , "Eric W. Biederman" CC: Linus Torvalds , Linux Containers , linux-fsdevel , LKML , "libvir-list@redhat.com" , "Daniel P. Berrange" Subject: Re: [GIT PULL] namespace updates for v3.17-rc1 References: <87fvhav3ic.fsf@x220.int.ebiederm.org> <87vbpm4f4y.fsf@x220.int.ebiederm.org> <20140821131257.GA4264@infradead.org> In-Reply-To: <20140821131257.GA4264@infradead.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Am 21.08.2014 15:12, schrieb Christoph Hellwig: > On Wed, Aug 20, 2014 at 09:53:49PM -0700, Eric W. Biederman wrote: >> Richard Weinberger writes: >> >>> On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman wrote: >>> >>> This commit breaks libvirt-lxc. >>> libvirt does in lxcContainerMountBasicFS(): >> >> The bugs fixed are security issues, so if we have to break a small >> number of userspace applications we will. Anything that we can >> reasonably do to avoid regressions will be done. > > Can you explain the security issues in detail? Breaking common > userspace like libvirt-lxc with just a little bit of handwaiving is > entirely unacceptable. It looks like commit 87b47932f40a11280584bce260cbdb3b5f9e8b7d in git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git for-next unbreaks libvirt-lxc. I hope it hits Linus tree and -stable before the offending commit hits users. Thanks, //richard