From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>
Cc: "libvir-list-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org"
<libvir-list-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Christoph Hellwig <hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>,
linux-fsdevel
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Linus Torvalds
<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
Subject: Re: [GIT PULL] namespace updates for v3.17-rc1
Date: Thu, 21 Aug 2014 09:09:50 -0500 [thread overview]
Message-ID: <87k362vsr5.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <53F5F2AD.5010607-/L3Ra7n9ekc@public.gmane.org> (Richard Weinberger's message of "Thu, 21 Aug 2014 15:22:53 +0200")
Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org> writes:
> Am 21.08.2014 15:12, schrieb Christoph Hellwig:
>> On Wed, Aug 20, 2014 at 09:53:49PM -0700, Eric W. Biederman wrote:
>>> Richard Weinberger <richard.weinberger-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> writes:
>>>
>>>> On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> wrote:
>>>>
>>>> This commit breaks libvirt-lxc.
>>>> libvirt does in lxcContainerMountBasicFS():
>>>
>>> The bugs fixed are security issues, so if we have to break a small
>>> number of userspace applications we will. Anything that we can
>>> reasonably do to avoid regressions will be done.
>>
>> Can you explain the security issues in detail? Breaking common
>> userspace like libvirt-lxc with just a little bit of handwaiving is
>> entirely unacceptable.
>
> It looks like commit 87b47932f40a11280584bce260cbdb3b5f9e8b7d in
> git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git for-next
> unbreaks libvirt-lxc.
> I hope it hits Linus tree and -stable before the offending commit hits users.
I plan to send the pull request to Linus as soon as I have caught my
breath (from all of the conferences this week) that I can be certain I
am thinking clearly and not rushing things.
Eric
WARNING: multiple messages have this Message-ID (diff)
From: ebiederm@xmission.com (Eric W. Biederman)
To: Richard Weinberger <richard@nod.at>
Cc: Christoph Hellwig <hch@infradead.org>,
Linus Torvalds <torvalds@linux-foundation.org>,
Linux Containers <containers@lists.linux-foundation.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
"libvir-list\@redhat.com" <libvir-list@redhat.com>,
"Daniel P. Berrange" <berrange@redhat.com>
Subject: Re: [GIT PULL] namespace updates for v3.17-rc1
Date: Thu, 21 Aug 2014 09:09:50 -0500 [thread overview]
Message-ID: <87k362vsr5.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <53F5F2AD.5010607@nod.at> (Richard Weinberger's message of "Thu, 21 Aug 2014 15:22:53 +0200")
Richard Weinberger <richard@nod.at> writes:
> Am 21.08.2014 15:12, schrieb Christoph Hellwig:
>> On Wed, Aug 20, 2014 at 09:53:49PM -0700, Eric W. Biederman wrote:
>>> Richard Weinberger <richard.weinberger@gmail.com> writes:
>>>
>>>> On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman <ebiederm@xmission.com> wrote:
>>>>
>>>> This commit breaks libvirt-lxc.
>>>> libvirt does in lxcContainerMountBasicFS():
>>>
>>> The bugs fixed are security issues, so if we have to break a small
>>> number of userspace applications we will. Anything that we can
>>> reasonably do to avoid regressions will be done.
>>
>> Can you explain the security issues in detail? Breaking common
>> userspace like libvirt-lxc with just a little bit of handwaiving is
>> entirely unacceptable.
>
> It looks like commit 87b47932f40a11280584bce260cbdb3b5f9e8b7d in
> git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git for-next
> unbreaks libvirt-lxc.
> I hope it hits Linus tree and -stable before the offending commit hits users.
I plan to send the pull request to Linus as soon as I have caught my
breath (from all of the conferences this week) that I can be certain I
am thinking clearly and not rushing things.
Eric
next prev parent reply other threads:[~2014-08-21 14:09 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-06 0:57 [GIT PULL] namespace updates for v3.17-rc1 Eric W. Biederman
2014-08-06 0:57 ` Eric W. Biederman
[not found] ` <87fvhav3ic.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-08-06 4:46 ` Stephen Rothwell
2014-08-06 4:46 ` Stephen Rothwell
2014-08-06 4:46 ` Stephen Rothwell
[not found] ` <20140806144643.45e5dab8-3FnU+UHB4dNDw9hX6IcOSA@public.gmane.org>
2014-08-06 5:16 ` Eric W. Biederman
2014-08-06 5:16 ` Eric W. Biederman
[not found] ` <87lhr2tcyx.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-08-06 6:06 ` Stephen Rothwell
2014-08-06 6:06 ` Stephen Rothwell
2014-08-06 6:06 ` Stephen Rothwell
[not found] ` <20140806160608.218b6944-3FnU+UHB4dNDw9hX6IcOSA@public.gmane.org>
2014-08-06 6:30 ` Eric W. Biederman
2014-08-06 6:30 ` Eric W. Biederman
2014-08-07 13:28 ` Theodore Ts'o
2014-08-07 13:28 ` Theodore Ts'o
2014-08-13 2:46 ` Andy Lutomirski
2014-08-13 2:46 ` Andy Lutomirski
[not found] ` <53EAD180.4010906-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
2014-08-13 4:17 ` Eric W. Biederman
2014-08-13 4:17 ` Eric W. Biederman
[not found] ` <87sil1nhut.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-08-13 4:38 ` Andy Lutomirski
2014-08-13 4:38 ` Andy Lutomirski
2014-08-13 4:45 ` Kenton Varda
[not found] ` <CAOP=4widH1rMZ1O=hzAT+M_8exdzRPA8pJ+wH29AQ9L0ogu9nw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-13 10:24 ` Eric W. Biederman
2014-08-13 10:24 ` Eric W. Biederman
2014-08-15 18:41 ` Andy Lutomirski
[not found] ` <87tx5ghekp.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-08-13 17:03 ` Andy Lutomirski
2014-08-13 17:03 ` Andy Lutomirski
[not found] ` <CALCETrWT_p1-5nkiAjWoeta19fkO3rDiJe9_mhRVqF8x1zXv2A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-14 0:03 ` [PATCH] fs: Remove implicit nodev for new mounts in non-root userns Andy Lutomirski
2014-08-14 0:03 ` Andy Lutomirski
2014-08-15 19:05 ` Serge Hallyn
2014-08-15 19:16 ` Andy Lutomirski
2014-08-15 19:16 ` Andy Lutomirski
[not found] ` <CALCETrVKq1Fxnsd9jKDi5_fcKfCJxBZ1w-zGXD3FR-pF-jLsmQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 19:37 ` Serge Hallyn
2014-08-15 19:37 ` Serge Hallyn
2014-08-15 19:56 ` Andy Lutomirski
2014-08-15 19:56 ` Andy Lutomirski
[not found] ` <CALCETrWB0qBiyfJbapFnjxoNyNvS+aHvgc_eob3fC1j=cv+v5w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-15 20:16 ` Serge Hallyn
2014-08-15 20:16 ` Serge Hallyn
[not found] ` <2686c32f00b14148379e8cfee9c028c794d4aa1a.1407974494.git.luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>
2014-08-15 19:05 ` Serge Hallyn
2014-08-15 20:16 ` Serge Hallyn
2014-08-28 1:35 ` Andy Lutomirski
2014-08-15 20:16 ` Serge Hallyn
2014-08-28 1:35 ` Andy Lutomirski
2014-08-15 18:41 ` [GIT PULL] namespace updates for v3.17-rc1 Andy Lutomirski
2014-08-20 15:06 ` Richard Weinberger
2014-08-20 15:06 ` Richard Weinberger
[not found] ` <CAFLxGvwi-iJRyfwv8v9fcRkiSu2d-az8W55xMPbp_d8wQKmwjg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-08-21 4:53 ` Eric W. Biederman
2014-08-21 4:53 ` Eric W. Biederman
2014-08-21 6:29 ` Richard Weinberger
[not found] ` <53F591E7.3010509-/L3Ra7n9ekc@public.gmane.org>
2014-08-21 7:24 ` Richard Weinberger
2014-08-21 7:24 ` Richard Weinberger
[not found] ` <53F59EC7.6060107-/L3Ra7n9ekc@public.gmane.org>
2014-08-21 13:54 ` Eric W. Biederman
2014-08-21 13:54 ` Eric W. Biederman
[not found] ` <87vbpm4f4y.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-08-21 6:29 ` Richard Weinberger
2014-08-21 13:12 ` Christoph Hellwig
2014-08-21 13:12 ` Christoph Hellwig
[not found] ` <20140821131257.GA4264-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2014-08-21 13:22 ` Richard Weinberger
2014-08-21 13:22 ` Richard Weinberger
[not found] ` <53F5F2AD.5010607-/L3Ra7n9ekc@public.gmane.org>
2014-08-21 14:09 ` Eric W. Biederman [this message]
2014-08-21 14:09 ` Eric W. Biederman
[not found] ` <87k362vsr5.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2014-09-03 21:18 ` Richard Weinberger
2014-09-03 21:18 ` Richard Weinberger
2014-11-25 23:15 ` Richard Weinberger
2014-11-25 23:15 ` Richard Weinberger
[not found] ` <CAFLxGvzyhHC+QF-bFfp-yNBpCkS3JJ+RAr+5iCj0k_su9wJbGw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2014-11-29 16:58 ` Richard Weinberger
2014-11-29 16:58 ` Richard Weinberger
2014-08-21 13:43 ` Eric W. Biederman
2014-08-21 13:43 ` Eric W. Biederman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87k362vsr5.fsf@x220.int.ebiederm.org \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=hch-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org \
--cc=libvir-list-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=richard-/L3Ra7n9ekc@public.gmane.org \
--cc=torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.