Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root
From: Colin Walters
Subject: Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root
Date: Wed, 17 Jun 2020 08:55:36 -0400
User-agent: Cyrus-JMAP/3.3.0-dev0-529-g3ee424a-fm-20200611.001-g3ee424a1
On Wed, Jun 17, 2020, at 8:50 AM, Stefan Hajnoczi wrote:
> Something along these lines should work. Hopefully seccomp can be
> retained. It would also be necessary to check how not having the shared
> directory as / in the mount namespace affects functionality. For one,
> I'm pretty sure symlink escapes and similar path traversals outside the
> shared directory will be possible since virtiofsd normally relies on /
> as protection.
Yes, though two points:
- As I said, I don't care about that for my use case; the operating system
we're testing is going to e.g. run on bare metal hosting workloads itself, so
if it's malicious we have already lost (reliability against *accidental* damage
is always nice though, like a stray rm -rf in some test script walking into the
host)
- Probably the best long term fix would be to use
https://lwn.net/Articles/796868/ anyways