BUG: Mount ignores mount options
Eric W. Biederman
ebiederm at xmission.com
Sat Aug 11 01:32:04 UTC 2018
"Darrick J. Wong" <darrick.wong at oracle.com> writes:
> On Fri, Aug 10, 2018 at 07:54:47PM -0400, Theodore Y. Ts'o wrote:
>> The reason why I bring this up here is that in container land, there
>> are those who believe that "container root" should be able to mount
>> file systems, and if the "container root" isn't trusted, the fact that
>> the "container root" can crash the host kernel, or worse, corrupt the
>> host kernel and break out of the container as a result, that would be
>> sad.
>>
>> I was pretty sure most file system developers are on the same page
>> that allowing untrusted "container roots" the ability to mount
>> arbitrary block device file systems is insanity.
>
> Agreed.
For me I am happy with fuse. That is sufficient to cover any container
use cases people have. If anyone comes bugging you for more I will be
happy to push back.
The only thing that containers have to do with this is I wind up
touching a lot of the kernel/user boundary so I get to see a lot of it
and sometimes see weird things.
Eric
More information about the Linux-security-module-archive
mailing list