linux-fsdevel.vger.kernel.org archive mirror
From: Jamie Lokier <jamie@shareable.org>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: linuxram@us.ibm.com, ericvh@gmail.com, pavel@ucw.cz,
	viro@parcelfarce.linux.theplanet.co.uk, hch@infradead.org,
	linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	akpm@osdl.org
Subject: Re: [PATCH] private mounts
Date: Fri, 29 Apr 2005 15:42:52 +0100
Message-ID: <20050429144252.GA17263@mail.shareable.org>
In-Reply-To: <E1DRWEt-000149-00@dorka.pomaz.szeredi.hu>

Miklos Szeredi wrote:
> Removing the check makes chroot enter the tree under the other
> process's namespace.  However it does not actually change the
> namespace, hence mount/umount won't work.
> 
> So joining a namespace does need a new syscall unfortunately.

It would be trivial to copy mnt->mnt_namespace to current->namespace
in set_fs_root.  No need for a syscall just for that.

Given that it works, the right place to decide whether it's allowed is
the permissions on /proc/NNN/root.  But remember that you can already
access another process' namespace using ptrace on that process, so
this doesn't relax security if /proc/NNN/root can be entered whenever
ptrace is allowed.

I would really like to know what the purpose of check_mnt() is in
namespace.c.  In standard kernels you can't enter another process'
namespace (without the change you tried in proc/base.c), so I don't see
how check_mnt() can _ever_ fail.  Can it?

And if it can't fail, is there any need for current->namespace, or can
it just be removed?

-- Jamie
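
The behaviour discussed in this message, as an added user-space model (not kernel code and not part of the original thread): a chroot that moves the root but leaves the task's namespace pointer unchanged fails a check_mnt()-style comparison, while copying mnt->mnt_namespace in set_fs_root makes it pass. The struct layouts, `model_umount()`, `scenario()` and the `-EINVAL` result are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified model: only the fields named in the thread (layouts assumed). */
struct mnt_ns { int id; };
struct vfsmount { struct mnt_ns *mnt_namespace; };
/* ns stands in for current->namespace, rootmnt for the task's fs root. */
struct task { struct mnt_ns *ns; struct vfsmount *rootmnt; };

/* The comparison under discussion: is this mount in the caller's namespace? */
static int check_mnt(const struct task *cur, const struct vfsmount *mnt)
{
    return mnt->mnt_namespace == cur->ns;
}

/* chroot as Miklos describes it: the root moves, the namespace does not. */
static void set_fs_root(struct task *cur, struct vfsmount *mnt)
{
    cur->rootmnt = mnt;
}

/* Variant Jamie proposes: also adopt the namespace of the new root. */
static void set_fs_root_join(struct task *cur, struct vfsmount *mnt)
{
    cur->rootmnt = mnt;
    cur->ns = mnt->mnt_namespace;
}

/* Hypothetical stand-in for a mount/umount path gated by check_mnt(). */
static int model_umount(const struct task *cur, const struct vfsmount *mnt)
{
    return check_mnt(cur, mnt) ? 0 : -EINVAL;
}

/* Task in namespace A chroots into namespace B's root, then tries umount. */
static int scenario(int join)
{
    struct mnt_ns a = { 1 }, b = { 2 };
    struct vfsmount root_a = { &a }, root_b = { &b };
    struct task cur = { &a, &root_a };
    (join ? set_fs_root_join : set_fs_root)(&cur, &root_b);
    return model_umount(&cur, &root_b);
}

int main(void)
{
    printf("chroot only: %d, chroot + join: %d\n", scenario(0), scenario(1));
    return 0;
}
```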
