Re: [Vserver] Unexpected behaviour with bind mounts

From: Enrico Scholz <enrico.scholz_at_informatik.tu-chemnitz.de>
Date: Sat 08 Oct 2005 - 15:22:45 BST
Message-ID: <87irw89jgq.fsf@kosh.bigo.ensc.de>

j.k.wight@ncl.ac.uk (Jim Wight) writes:

> I am seeing odd behaviour with bind mounts. For example, if I specify
>
> mount --bind /tmp /vservers/tkt/opt
>
> in pre-start, and

Be very careful when doing such stuff (resp. make sure that the vserver
is trusted). Else, an attacker within the vserver can cause execution of
arbitrary commands in the host...

(hint: think of a symlink /vservers/tkt/opt -> /bin)

> umount /vservers/tkt/opt
>
> in post-stop (or postpost-stop),

* these scripts are NOT executed within the vserver namespace so
  /vservers/tkt/opt is not mounted at this place

* there is not much need for an explicit unmount; when the last process
  of the vserver/context dies, the namespace will not be referenced
  anymore and an implicit unmount happens

Enrico

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Received on Sat Oct 8 15:23:15 2005
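The symlink hint in the reply above can be turned into a host-side check, shown here as an added example that is not part of the original message or of util-vserver. The function name `check_bind_target` is hypothetical, and the check assumes it runs in pre-start, before any guest process can modify the tree between the check and the mount.

```shell
#!/bin/sh
# Added example, not from the original thread.
# check_bind_target ROOT TARGET   (hypothetical helper)
# Succeeds only if TARGET lies below ROOT, no path component below ROOT
# is a symlink, and TARGET is a real directory. Everything below ROOT is
# guest-controlled, so a symlink there could redirect a host-side
# "mount --bind" onto a host directory such as /bin.
check_bind_target() {
    root=${1%/}
    target=${2%/}
    case "$target" in
        "$root"/*) ;;   # lexically inside the guest tree
        *) echo "refusing: $target is outside $root" >&2; return 1 ;;
    esac
    rest=${target#"$root"/}
    cur=$root
    # Walk the path one component at a time, never following links.
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case "$rest" in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        case "$part" in
            ''|.) continue ;;   # empty component from "//", or "."
            ..)   echo "refusing: '..' in $target" >&2; return 1 ;;
        esac
        cur=$cur/$part
        if [ -L "$cur" ]; then
            echo "refusing: $cur is a symlink" >&2
            return 1
        fi
    done
    [ -d "$cur" ] || { echo "refusing: $cur is not a directory" >&2; return 1; }
    return 0
}

# Intended use in pre-start, with the paths quoted in the thread:
#   check_bind_target /vservers/tkt /vservers/tkt/opt \
#       && mount --bind /tmp /vservers/tkt/opt
```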
Generated on Sat 08 Oct 2005 - 15:23:16 BST by hypermail 2.1.8