About this list Date view Thread view Subject view Author view Attachment view

From: Enrico Scholz (enrico.scholz_at_informatik.tu-chemnitz.de)
Date: Sat 11 Oct 2003 - 03:40:22 BST


riel_at_surriel.com (Rik van Riel) writes:

>> * CLONE_NEWNS + pivot_root require CAP_SYS_ADMIN (which
>> is not acceptable for vservers); using a new capability for
>> CLONE_NEWNS seems to be possible, but pivot_root(2) needs
>> additional logic. Else, when executed in the root namespace,
>> pivot_root(2) can do really bad things to your system.
>
> Why pivot_root(2) instead of mount --recbind ?

I cannot bind another directory to /dev/root (e.g. after 'mount
--bind <chroot> /' I still have the old root directory). To make
secure vserver chroots I would do

... CLONE_NEWNS ...
# mount [--bind] <chroot> /vservers/<xxx>
# cd /vservers/<xxx>
# pivot_root . old_root
# exec chroot . sh -c "umount old_root; exec /sbin/init" </dev/null >/dev/null

[from pivot_root(8) manpage]

For security reasons, the last actions should be done in a native
binary which is copied from old_root into a newly created tmpfs
directory.

Enrico
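The "native binary" Enrico describes, as an added example that is not part of the original mail and not util-vserver's own code: it does the sequence above at the syscall level (unshare(CLONE_NEWNS), bind the chroot onto itself so it becomes a mount point, pivot_root(2), chroot, detach old_root, exec /sbin/init). It also shows the precondition that explains why the bind-mount step is needed at all: pivot_root(2) only accepts a new_root that is a mount point, which is checked here by comparing st_dev/st_ino of the directory and its parent. The chroot path, the old_root name and the MS_PRIVATE step (needed on kernels with shared subtrees, 2.6.15 and later, which did not exist when the mail was written) are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallback in case <sched.h> is not pulled in with _GNU_SOURCE. */
#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000
#endif

/* pivot_root(2) has no glibc wrapper, so it is invoked via syscall(2). */
static int do_pivot_root(const char *new_root, const char *put_old)
{
    return (int)syscall(SYS_pivot_root, new_root, put_old);
}

/* pivot_root(2) requires new_root to be a mount point. A directory is a
 * mount point when its st_dev differs from that of its parent, or when
 * it is the root of the tree (path and path/.. are the same inode).
 * Returns 1 (mount point), 0 (plain directory) or -1 (stat failed). */
int is_mount_point(const char *path)
{
    struct stat here, parent;
    char parent_path[4096];

    if (stat(path, &here) != 0)
        return -1;
    if (snprintf(parent_path, sizeof parent_path, "%s/..", path) >= (int)sizeof parent_path)
        return -1;
    if (stat(parent_path, &parent) != 0)
        return -1;
    if (here.st_dev != parent.st_dev)
        return 1;
    return (here.st_ino == parent.st_ino) ? 1 : 0;
}

/* The mail's pivot sequence. Needs CAP_SYS_ADMIN; only returns on error.
 * chroot_dir is an assumed argument (e.g. /vservers/<xxx>). */
int enter_vserver_root(const char *chroot_dir)
{
    if (syscall(SYS_unshare, CLONE_NEWNS) != 0) { perror("unshare(CLONE_NEWNS)"); return -1; }
    /* Shared subtrees (kernel 2.6.15+) would propagate the mounts below
     * back into the parent namespace unless the tree is made private. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) != 0) { perror("make-rprivate /"); return -1; }
    /* Bind the chroot onto itself so that it becomes a mount point. */
    if (mount(chroot_dir, chroot_dir, NULL, MS_BIND | MS_REC, NULL) != 0) { perror("mount --rbind"); return -1; }
    if (is_mount_point(chroot_dir) != 1) { fprintf(stderr, "%s is not a mount point\n", chroot_dir); return -1; }
    if (chdir(chroot_dir) != 0) { perror("chdir"); return -1; }
    if (mkdir("old_root", 0700) != 0 && errno != EEXIST) { perror("mkdir old_root"); return -1; }
    if (do_pivot_root(".", "old_root") != 0) { perror("pivot_root"); return -1; }
    if (chroot(".") != 0) { perror("chroot"); return -1; }
    if (chdir("/") != 0) { perror("chdir /"); return -1; }
    /* Detach the old root so nothing inside can reach the host tree. */
    if (umount2("/old_root", MNT_DETACH) != 0) { perror("umount old_root"); return -1; }
    rmdir("/old_root");
    execl("/sbin/init", "init", (char *)NULL);
    perror("execl /sbin/init");
    return -1;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <chroot>\n", argv[0]); return 2; }
    if (geteuid() != 0) { fprintf(stderr, "must run with CAP_SYS_ADMIN (root)\n"); return 2; }
    return enter_vserver_root(argv[1]) == 0 ? 0 : 1;
}
```

Only the mount-point check can be exercised without privileges; the pivot itself must be run as root on a throwaway machine or VM, since a mistake in the root namespace affects the host exactly as the mail warns.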


Generated on Sat 11 Oct 2003 - 04:10:35 BST by hypermail 2.1.3