containers.lists.linux.dev archive mirror
 help / color / mirror / Atom feed
From: Al Viro <viro-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
To: Linus Torvalds
	<torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
Cc: Seth Forshee
	<seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
	Linux API <linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Linux Containers
	<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
	Greg Kroah-Hartman
	<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
	Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
	Kenton Varda <kenton-AuYgBwuPrUQTaNkGU808tA@public.gmane.org>,
	Tejun Heo <tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
	"Eric W. Biederman"
	<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
	Richard Weinberger <richard-/L3Ra7n9ekc@public.gmane.org>,
	"<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>"
	<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Michael Kerrisk-manpages
	<mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>,
	Ivan Delalande <colona-nzgTgzXrdUbQT0dZR+AlfA@public.gmane.org>
Subject: Re: [GIT PULL] User namespace related fixes for v4.2
Date: Sun, 5 Jul 2015 00:11:18 +0100	[thread overview]
Message-ID: <20150704231118.GT17109@ZenIV.linux.org.uk> (raw)
In-Reply-To: <CA+55aFw-DK-xDC-3HYa=BMX8WNyQgT9O01tihrAS9+-7PPj_jA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>

On Fri, Jul 03, 2015 at 03:10:40PM -0700, Linus Torvalds wrote:
> On Mon, Jun 29, 2015 at 2:13 PM, Eric W. Biederman
> <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> wrote:
> >
> > Can you live with the patch below and committing to never supporting
> > executables on proc and sysfs?
> 
> Sure. I don't think executables make any sense what-so-ever in those
> filesystems. I think it's fine saying that /proc and /sys cannot have
> executables in them, and then use that flag to just ignore the
> relevant mount flags.
> 
> Al, comments?

	I can live with that, but I would prefer that to be a superblock
flag force-set in ->mount() (and preserved in ->remount_fs()) rather than
Yet Another FS Type Flag.  OTOH, it's not hard to change afterwards.

	Al, bloody annoyed by having spent hours debugging an odd corruption
in merge candidate, only to find that it correlated to temperature of the
host ;-/  Seem to be all gone after replacing CPU fan and cleaning the
mess under it...

  parent reply	other threads:[~2015-07-04 23:11 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-06-26 20:50 [GIT PULL] User namespace related fixes for v4.2 Eric W. Biederman
     [not found] ` <CA+55aFysKDXr2HEwNzm3z9QOw=E4ZeWcvYQ-xLhy5_k+rGbeRg@mail.gmail.com>
     [not found]   ` <CA+55aFysKDXr2HEwNzm3z9QOw=E4ZeWcvYQ-xLhy5_k+rGbeRg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-06-29 21:13     ` Eric W. Biederman
     [not found]       ` <87pp4eqktr.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-07-03 22:10         ` Linus Torvalds
     [not found]       ` <CA+55aFw-DK-xDC-3HYa=BMX8WNyQgT9O01tihrAS9+-7PPj_jA@mail.gmail.com>
     [not found]         ` <CA+55aFw-DK-xDC-3HYa=BMX8WNyQgT9O01tihrAS9+-7PPj_jA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2015-07-04 23:11           ` Al Viro [this message]
     [not found]             ` <20150704231118.GT17109-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2015-07-10 16:16               ` [REVIEW][PATCH 0/2] noexec on proc and sysfs Eric W. Biederman
     [not found]             ` <87mvz4yomp.fsf_-_@x220.int.ebiederm.org>
     [not found]               ` <87mvz4yomp.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-07-10 16:17                 ` [REVIEW][PATCH 1/2] vfs: Commit to never having exectuables " Eric W. Biederman
2015-07-10 16:18                 ` [REVIEW][PATCH 2/2] mnt: fs_fully_visible enforce noexec and nosuid if !SB_I_NOEXEC Eric W. Biederman
     [not found]               ` <87h9pcyokc.fsf_-_@x220.int.ebiederm.org>
     [not found]                 ` <87h9pcyokc.fsf_-_-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-07-10 18:24                   ` [REVIEW][PATCH 1/2] vfs: Commit to never having exectuables on proc and sysfs Richard Weinberger
     [not found]                     ` <55A00DE9.7060806-/L3Ra7n9ekc@public.gmane.org>
2015-07-10 19:30                       ` Greg Kroah-Hartman
     [not found]                     ` <20150710193052.GB19824@kroah.com>
     [not found]                       ` <20150710193052.GB19824-U8xfFu+wG4EAvxtiuMwx3w@public.gmane.org>
2015-07-10 19:38                         ` Richard Weinberger
     [not found]                       ` <55A01F4B.9010205@nod.at>
     [not found]                         ` <55A01F4B.9010205-/L3Ra7n9ekc@public.gmane.org>
2015-07-10 20:00                           ` Eric W. Biederman
     [not found] ` <87381eyz26.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-06-29 16:43   ` [GIT PULL] User namespace related fixes for v4.2 Linus Torvalds
2015-07-01 20:41   ` Eric W. Biederman
     [not found]     ` <878uazhapq.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2015-07-06 20:47       ` Seth Forshee
     [not found]     ` <20150706204748.GB22962@ubuntu-hedt>
2015-07-06 21:24       ` Eric W. Biederman
     [not found]       ` <E81DECCD-9B19-4D42-BE43-5987DE7B05DB@xmission.com>
     [not found]         ` <E81DECCD-9B19-4D42-BE43-5987DE7B05DB-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2015-07-06 22:25           ` Seth Forshee

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20150704231118.GT17109@ZenIV.linux.org.uk \
    --to=viro-3bdd1+5odreifsdqtta3olvcufugdwfn@public.gmane.org \
    --cc=colona-nzgTgzXrdUbQT0dZR+AlfA@public.gmane.org \
    --cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
    --cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
    --cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
    --cc=kenton-AuYgBwuPrUQTaNkGU808tA@public.gmane.org \
    --cc=linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    --cc=luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org \
    --cc=mtk.manpages-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org \
    --cc=richard-/L3Ra7n9ekc@public.gmane.org \
    --cc=seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
    --cc=tj-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org \
    --cc=torvalds-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).