[PATCH v2 00/10] allow unprivileged overlay mounts
Tetsuo Handa
penguin-kernel at i-love.sakura.ne.jp
Tue Dec 8 10:27:13 UTC 2020
On 2020/12/08 1:32, Miklos Szeredi wrote:
> A general observation is that overlayfs does not call security_path_*()
> hooks on the underlying fs. I don't see this as a problem, because a
> simple bind mount done inside a private mount namespace also defeats the
> path based security checks. Maybe I'm missing something here, so I'm
> interested in comments from AppArmor and Tomoyo developers.
Regarding TOMOYO, I don't want overlayfs to call security_path_*() hooks on the
underlying fs, but the reason is different. It is not because a simple bind mount
done inside a private mount namespace defeats the path based security checks.
TOMOYO does want to check what device/filesystem is mounted on which location. But
currently TOMOYO is failing to check it due to fsopen()/fsmount()/move_mount() API.
More information about the Linux-security-module-archive
mailing list