[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#46292: more info
|
From: |
Lucas Nussbaum |
|
Subject: |
bug#46292: more info |
|
Date: |
Wed, 10 Feb 2021 07:04:03 +0100 |
|
User-agent: |
Mutt/1.10.1 (2018-07-13) |
Hi,
This is not due to NFS, but due to the fact that the NFS mount is
mounted nosuid (and nodev, probably). I can reproduce it on a local
filesystem mounted nosuid.
It seems that, when remounting a bind mount which is originally nosuid
inside a mount ns, you need to specify explicitely the nosuid option, or
else can_change_locked_flags()[1] will return false.
[1] https://github.com/torvalds/linux/blame/master/fs/namespace.c#L2480
There's a concept of "locked mount flags" that cannot be cleared by a
less privileged user (see [2]). Our call to 'mount -o remount' ignores the
fact that the filesystem is mounted nosuid (and does not include this
flag), so the remount call tries to remove nosuid, and fails.
[2]
https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705
This probably needs to be fixed in Guix by fetching the current mount
flags and including them in the bind+remount+readonly call.
Unfortunately I did not find an easy way to convert mount flags in
/proc/$$/mountinfo to flags for the mount syscall...
Lucas
- bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), Ludovic Courtès, 2021/02/04
- bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), zimoun, 2021/02/04
- bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), Ludovic Courtès, 2021/02/04
- bug#46292: more info,
Lucas Nussbaum <=
- bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), Ludovic Courtès, 2021/02/18
- bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), Lucas Nussbaum, 2021/02/18
- bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), Ludovic Courtès, 2021/02/22
- bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), Lucas Nussbaum, 2021/02/22
- bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), Ludovic Courtès, 2021/02/22
- bug#46292: [PATCH 1/3] syscalls: Define MS_RELATIME., Ludovic Courtès, 2021/02/22
- bug#46292: [PATCH 2/3] syscalls: Add 'mounts' and the <mount> record type., Ludovic Courtès, 2021/02/22
- bug#46292: [PATCH 3/3] file-systems: 'mount-file-system' preserves source flags for bind mounts., Ludovic Courtès, 2021/02/22
- bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), Ludovic Courtès, 2021/02/25
bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian), Ludovic Courtès, 2021/02/18