Re: [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively



On 22/11/2023 19:48, Andrew Cooper wrote:
> On 22/11/2023 7:46 pm, Andrew Cooper wrote:
>> On 06/11/2023 3:05 pm, Alejandro Vallejo wrote:
>>> This is important in order for every mount done inside a mount namespace to
>>> go away after the namespace itself goes away. The comment referring to
>>> unreliability in Linux 4.19 was just wrong.
>>>
>>> This patch sets the story straight and makes the depriv pygrub a bit more
>>> confined should a layer of the onion be vulnerable.
>>>
>>> Signed-off-by: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>
>> Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
>
> Sorry, wants
>
> Fixes: e0342ae5556f ("tools/pygrub: Deprivilege pygrub")
>
> too.  Will fix on commit.
>
> ~Andrew

Sounds good.

Cheers,
Alejandro
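
Added example, not part of this thread or of pygrub's code: one way to confirm that every mount seen by a process is private is to read the optional propagation fields of `/proc/<pid>/mountinfo`, where a private mount carries no `shared:` or `master:` tag. The function names and the sample lines are constructed for this illustration.

```python
# Audit mount propagation by parsing mountinfo text (format described in proc(5)).
# SAMPLE_MOUNTINFO is constructed sample input, not output captured from pygrub.

SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
23 22 0:21 / /proc rw,nosuid - proc proc rw
24 22 0:22 / /mnt/a rw master:5 - tmpfs tmpfs rw
25 22 0:23 / /mnt/b rw shared:7 master:5 - tmpfs tmpfs rw
26 22 0:24 / /mnt/c rw unbindable - tmpfs tmpfs rw
"""

# Tags that mean mount events can still cross the namespace boundary.
PROPAGATING_TAGS = {"shared", "master"}


def parse_propagation(line):
    """Return (mount_point, set_of_propagation_tags) for one mountinfo line."""
    fields = line.split()
    # Fields 0-5 are fixed; optional fields follow until a lone "-" separator.
    sep = fields.index("-", 6)
    tags = {field.split(":", 1)[0] for field in fields[6:sep]}
    # Spaces in paths are escaped as \040 in mountinfo.
    mount_point = fields[4].replace("\\040", " ")
    return mount_point, tags


def non_private_mounts(mountinfo_text):
    """Map each mount point that still propagates to its offending tags."""
    findings = {}
    for line in mountinfo_text.splitlines():
        if not line.strip():
            continue
        mount_point, tags = parse_propagation(line)
        offending = sorted(tags & PROPAGATING_TAGS)
        if offending:
            findings[mount_point] = offending
    return findings


if __name__ == "__main__":
    # On Linux, audit the current process's own mount namespace.
    with open("/proc/self/mountinfo") as handle:
        for mount_point, tags in non_private_mounts(handle.read()).items():
            print(f"{mount_point}: {','.join(tags)}")
```

An empty result means every mount in the inspected namespace is private (or unbindable), which is the state a recursive private remount is meant to produce.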
