From: Ram <linuxram@us.ibm.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: jamie@shareable.org, ericvh@gmail.com, 7eggert@gmx.de,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
smfrench@austin.rr.com, hch@infradead.org
Subject: Re: [RCF] [PATCH] unprivileged mount/umount
Date: Fri, 13 May 2005 00:25:24 -0700 [thread overview]
Message-ID: <1115969123.6248.336.camel@localhost> (raw)
In-Reply-To: <1115946620.6248.299.camel@localhost>
On Thu, 2005-05-12 at 18:10, Ram wrote:
> On Thu, 2005-05-12 at 11:51, Miklos Szeredi wrote:
> > > > I'm not sure passing directory file descriptors is the right semantic
> > > > we want - but at least it provides a point of explicit control (in
> > > > much the same way as a bind). Are you sure the clone + open("/") +
> > > > pass-to-parent scenario you allows the parent to traverse the child's
> > > > private name space through that fd?
> > >
> > > Pretty sure.
> >
> > Yup. Attached a little program that can be used to try this out. It
> > creates a new namespace in the child, does a bind mount (so the
> > namespaces can be differentiated), then sends the file descriptor of
> > "/" to the parent. The parent does fchdir(fd), then starts a shell.
>
>
> > So the result is that CWD is under the child namespace, while root is
> > under the initial namespace.
> >
>
> r u sure, this program works? Sorry if I am saying something dumb here.
> Correct me. When a file descriptor is sent from one process to other,
> arn't they referring to different files in each of the processes.
> fd=5 may be pointing to file 'xyz' in parent process,
> where as fd=5 will be pointing to 'abc' in the child process.
>
> This program did not work for me, and I was wondering if adding
> CLONE_FILES in clone() would help. Because that would make sure
> that both
> the processes share the same file descriptor. It did not work too.
>
> What am I understanding wrong?
Sorry it works. I was misinterpreting the results.
>
> In any case my opinion is if this program works than the hole should
> be closed instead of exploting it to access different namespace. I
> know Jamie is going to pounce at me. ;)
a patch is due to fix the problem :)
RP
next prev parent reply other threads:[~2005-05-13 7:27 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <406SQ-5P9-5@gated-at.bofh.it>
[not found] ` <40rNB-6p8-3@gated-at.bofh.it>
[not found] ` <40t37-7ol-5@gated-at.bofh.it>
[not found] ` <42VeB-8hG-3@gated-at.bofh.it>
[not found] ` <42WNo-1eJ-17@gated-at.bofh.it>
2005-05-11 16:41 ` [RCF] [PATCH] unprivileged mount/umount Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-05-11 17:07 ` Jamie Lokier
2005-05-11 18:49 ` Miklos Szeredi
2005-05-11 19:05 ` serue
2005-05-11 19:46 ` Bodo Eggert
2005-05-11 20:40 ` Miklos Szeredi
2005-05-11 21:11 ` Jamie Lokier
2005-05-12 3:05 ` serue
2005-05-11 19:35 ` Ram
2005-05-11 20:31 ` Miklos Szeredi
2005-05-11 21:28 ` Jamie Lokier
2005-05-11 22:42 ` Ram
2005-05-11 22:58 ` Eric Van Hensbergen
2005-05-12 1:02 ` Jamie Lokier
2005-05-12 2:18 ` Eric Van Hensbergen
2005-05-12 6:45 ` Jamie Lokier
2005-05-12 13:23 ` Eric Van Hensbergen
2005-05-12 13:47 ` serue
2005-05-12 15:16 ` Jamie Lokier
2005-05-12 12:51 ` serue
2005-05-12 18:51 ` Miklos Szeredi
2005-05-12 19:56 ` Jamie Lokier
2005-05-13 8:55 ` Miklos Szeredi
2005-05-13 1:10 ` Ram
2005-05-13 6:06 ` Miklos Szeredi
2005-05-13 7:25 ` Ram [this message]
2005-05-13 8:59 ` Ram
2005-05-13 9:10 ` Miklos Szeredi
2005-05-13 16:53 ` Ram
2005-05-13 17:14 ` Miklos Szeredi
2005-05-13 18:44 ` Alan Cox
2005-05-13 20:56 ` Bryan Henderson
2005-05-12 0:59 ` Jamie Lokier
2005-05-13 6:41 ` Ram
2005-05-11 21:09 ` Jamie Lokier
2005-05-11 21:20 ` Miklos Szeredi
2005-05-11 21:32 ` Jamie Lokier
2005-05-11 19:32 ` Bodo Eggert
2005-05-11 21:23 ` Jamie Lokier
2005-05-11 21:34 ` Miklos Szeredi
2005-05-11 21:36 ` Jamie Lokier
2005-05-12 3:08 ` serue
2005-05-03 14:31 Miklos Szeredi
2005-05-03 17:30 ` Bill Davidsen
2005-05-04 13:08 ` Eric Van Hensbergen
2005-05-04 14:21 ` Miklos Szeredi
2005-05-04 14:51 ` Eric Van Hensbergen
2005-05-04 15:21 ` Miklos Szeredi
2005-05-11 8:51 ` Christoph Hellwig
2005-05-11 10:31 ` Miklos Szeredi
2005-05-12 21:08 ` Bryan Henderson
2005-05-13 5:47 ` Miklos Szeredi
2005-05-13 7:19 ` Jan Hudec
2005-05-13 8:33 ` Miklos Szeredi
2005-05-13 23:09 ` Bryan Henderson
2005-05-14 6:58 ` Miklos Szeredi
2005-05-16 18:35 ` Bryan Henderson
2005-05-14 11:49 ` Jamie Lokier
2005-05-04 13:47 ` Martin Waitz
2005-05-04 14:34 ` Miklos Szeredi
2005-05-11 8:53 ` Christoph Hellwig
2005-05-11 8:48 ` Christoph Hellwig
2005-05-11 10:20 ` Miklos Szeredi
2005-05-16 9:34 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1115969123.6248.336.camel@localhost \
--to=linuxram@us.ibm.com \
--cc=7eggert@gmx.de \
--cc=ericvh@gmail.com \
--cc=hch@infradead.org \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=smfrench@austin.rr.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).