From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 05 Sep 2005 - 15:39:32 BST
On Mon, Sep 05, 2005 at 08:01:41PM +0900, Jun OKAJIMA wrote:
> >> I mean, I can write to -o ro mounted dirs! Why?
> >because the mainline kernel folks are lazy and
> >Al Viro considers this a feature instead of a bug :)
> Thanks and I understand why.
> But, if so, something like this could happen,
> even with your BME patch.
> [Host] # mount -o bind,ro /etc /vserver/103/etc
> [Host] # vserver 103 start
>  # cat /etc/shadow
> ....you can see shadowed passes from vserver.
> I think a root under vserver should be like this:
> 1. for files under /vserver/103/* -> same as real root.
> 2. for files bind-mounted from host / -> same as normal user.
that would add additional policy to the kernel
which is a) not required and b) limiting, because
what if somebody wants to share a dir between two
guests via --bind mounts?
also do not forget that usually linux-vserver guests
have a separate namespace, so --bind mounts done
on the host system are not necessarily present in
the guest namespace ...
> your opinion is?
that is part of the host administration process.
as admin, you should _always_ know what you are
doing, and what the possible implications are ...
--bind mounting the host /etc into a guest is
playing with fire in any case ... so simply just
don't do it unless guest root is trusted.
> --- Okajima, Jun. Tokyo, Japan.
Vserver mailing list
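
An added example (not part of the original thread or of the Linux-VServer project): a host-side audit for the case discussed above, a sensitive host directory bind-mounted into a guest tree. It reports the `ro` flag only as information, since a read-only bind mount of `/etc` still lets guest root read `/etc/shadow`. The `/vserver` base, the sensitive-path list and the sample mount table (host view, `/proc/self/mountinfo` format) are assumptions constructed for illustration.

```python
import re

# Assumed layout and policy for this example (not from the original thread).
GUEST_BASE = "/vserver"
SENSITIVE = ("/etc", "/root", "/boot")

# Constructed sample in /proc/<pid>/mountinfo format (see proc(5)).
SAMPLE = """\
20 1 8:1 / / rw,relatime - ext3 /dev/sda1 rw
31 20 8:1 /etc /vserver/103/etc ro,relatime - ext3 /dev/sda1 rw
32 20 8:1 /srv/shared /vserver/103/shared rw,relatime - ext3 /dev/sda1 rw
33 20 8:1 /srv/shared /vserver/104/shared rw,relatime - ext3 /dev/sda1 rw
34 20 8:17 / /vserver/104/data rw,relatime - ext3 /dev/sdb1 rw
"""

def _unescape(field):
    # mountinfo encodes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def _under(path, base):
    # True if path is base itself or lies below it (no prefix false matches).
    return path == base or path.startswith(base.rstrip("/") + "/")

def risky_guest_binds(mountinfo, guest_base=GUEST_BASE, sensitive=SENSITIVE):
    """Return (host_dir, guest_mount_point, is_read_only) for each bind mount
    that exposes a sensitive directory of the host root fs inside a guest."""
    rows = []
    for line in mountinfo.splitlines():
        f = line.split()
        if len(f) < 6 or "-" not in f:
            continue  # not a well-formed mountinfo line
        # f[2]=major:minor, f[3]=root within that fs, f[4]=mount point, f[5]=options
        rows.append((f[2], _unescape(f[3]), _unescape(f[4]), f[5].split(",")))
    # Device(s) backing the host's own "/" mount.
    host_devs = {dev for dev, root, mnt, _ in rows if mnt == "/" and root == "/"}
    findings = []
    for dev, root, mnt, opts in rows:
        if (dev in host_devs and _under(mnt, guest_base)
                and any(_under(root, s) for s in sensitive)):
            findings.append((root, mnt, "ro" in opts))
    return findings

if __name__ == "__main__":
    for host_dir, mnt, ro in risky_guest_binds(SAMPLE):
        print(f"host {host_dir} exposed at {mnt} ({'ro' if ro else 'rw'})")
```

The directory shared between guests 103 and 104 is not flagged, which matches the point in the reply that sharing via --bind mounts is a legitimate use.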