From mboxrd@z Thu Jan 1 00:00:00 1970 From: Richard Weinberger Subject: Re: [GIT PULL] namespace updates for v3.17-rc1 Date: Thu, 21 Aug 2014 15:22:53 +0200 Message-ID: <53F5F2AD.5010607@nod.at> References: <87fvhav3ic.fsf@x220.int.ebiederm.org> <87vbpm4f4y.fsf@x220.int.ebiederm.org> <20140821131257.GA4264@infradead.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: "libvir-list-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org" , Linux Containers , LKML , linux-fsdevel , Linus Torvalds To: Christoph Hellwig , "Eric W. Biederman" Return-path: In-Reply-To: <20140821131257.GA4264-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org List-Id: linux-fsdevel.vger.kernel.org Am 21.08.2014 15:12, schrieb Christoph Hellwig: > On Wed, Aug 20, 2014 at 09:53:49PM -0700, Eric W. Biederman wrote: >> Richard Weinberger writes: >> >>> On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman wrote: >>> >>> This commit breaks libvirt-lxc. >>> libvirt does in lxcContainerMountBasicFS(): >> >> The bugs fixed are security issues, so if we have to break a small >> number of userspace applications we will. Anything that we can >> reasonably do to avoid regressions will be done. > > Can you explain the security issues in detail? Breaking common > userspace like libvirt-lxc with just a little bit of handwaiving is > entirely unacceptable. It looks like commit 87b47932f40a11280584bce260cbdb3b5f9e8b7d in git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git for-next unbreaks libvirt-lxc. I hope it hits Linus tree and -stable before the offending commit hits users. Thanks, //richard