From: ebiederm@xmission.com (Eric W. Biederman)
Subject: Re: 4.2: Can't mount sysfs in a mount ns & user ns
Date: Thu, 13 Aug 2015 10:20:09 -0500
Message-ID: <87r3n71ahi.fsf@x220.int.ebiederm.org>
References: <1439452396.23299.33.camel@v3.sk>
In-Reply-To: <1439452396.23299.33.camel@v3.sk> (Lubomir Rintel's message of "Thu, 13 Aug 2015 09:53:16 +0200")
To: Lubomir Rintel
Cc: linux-fsdevel@vger.kernel.org

Lubomir Rintel writes:

> Hi,
>
> 4.0.6-300.fc22.x86_64:
> [lkundrak@fedora22-1 ~]$ unshare -r --mount --net
> [root@fedora22-1 ~]# mount --make-slave /sys
> [root@fedora22-1 ~]# mount -t sysfs sysfs /sys
> [root@fedora22-1 ~]#
>
> 4.2.0-0.rc6.git0.1.fc24.x86_64:
> [lkundrak@fedora23-1 ~]$ unshare -r --mount --net
> [root@fedora23-1 ~]# mount --make-slave /sys
> [root@fedora23-1 ~]# mount -t sysfs sysfs /sys
> mount: permission denied
> [root@fedora23-1 ~]#
>
> we use this in NetworkManager test suite, to ensure the devices we see
> via GUdev are the same as we see via rtnetlink.
>
> I'm wondering if this is a bug or an intended change?

There was an intentional tightening up of the permissions required to
mount sysfs to prevent people in jails from gaining access to things
they would not ordinarily have access to.

The change was not expected to affect anyone's legitimate use case.

What are the mount flags of the previous mount of sysfs?
What is mounted on top of sysfs?
Or in short can I see /proc/self/mounts for the failing scenario?

Without a little more detail I can't see if there is a possible
security violation in your code or if this is something I can fix.

Eric
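
Added example, not part of the original message: one way to collect what the reply asks for, the mount options of each existing sysfs mount and everything mounted on or beneath it, from text in /proc/self/mounts format. The function names and the sample mount table are constructed for illustration.

```python
"""Report sysfs mounts, their options, and what is mounted on or beneath them."""
import re
import sys

# Constructed sample in /proc/self/mounts format (not taken from the thread).
SAMPLE = """\
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,mode=755 0 0
cgroup /sys/fs/cgroup/systemd cgroup rw,nosuid,nodev,noexec,relatime,name=systemd 0 0
tmpfs /mnt/my\\040data tmpfs rw,relatime 0 0
"""

def unescape(field):
    # Space, tab, newline and backslash appear as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    mounts = []
    for line in text.splitlines():
        parts = line.split(" ")
        if len(parts) < 4:
            continue  # blank or malformed line
        mounts.append({"source": unescape(parts[0]),
                       "target": unescape(parts[1]),
                       "fstype": parts[2],
                       "options": parts[3].split(",")})
    return mounts

def sysfs_report(text, fstype="sysfs"):
    mounts = parse_mounts(text)
    report = []
    for i, m in enumerate(mounts):
        if m["fstype"] != fstype:
            continue
        prefix = m["target"].rstrip("/") + "/"
        # Anything below the mount point, or listed later at the same path.
        on_top = [(o["target"], o["fstype"]) for j, o in enumerate(mounts)
                  if o["target"].startswith(prefix)
                  or (j > i and o["target"] == m["target"])]
        report.append({"target": m["target"], "options": m["options"],
                       "on_top": on_top})
    return report

if __name__ == "__main__":
    # Pass /proc/self/mounts as the argument; without one the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for entry in sysfs_report(text):
        print(entry["target"], ",".join(entry["options"]))
        for target, kind in entry["on_top"]:
            print("    on top:", target, "(" + kind + ")")
```

Run inside the failing namespace with /proc/self/mounts as the argument, the output lists each sysfs mount with its options followed by the mounts sitting on or below it.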