[lxc-devel] [PATCH] lxc-start-ephemeral: Set tmpfs mode to 0755
Serge Hallyn
serge.hallyn at ubuntu.com
Mon Feb 24 14:31:24 UTC 2014
Quoting Stéphane Graber (stgraber at ubuntu.com):
> The tmpfs was mounted with its default mode (1777) which was then picked
> up by overlayfs/aufs as the target's mode.
>
> This led to a world writable / in ephemeral containers.
>
> I have confirmed that this issue doesn't impact lxc-clone.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/lxc-start-ephemeral.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in
> index 822f802..d5690b2 100644
> --- a/src/lxc/lxc-start-ephemeral.in
> +++ b/src/lxc/lxc-start-ephemeral.in
> @@ -219,7 +219,7 @@ LXC_NAME="%s"
> fd.write("mkdir -p %s %s\n" % (target, entry[1]))
>
> if args.storage_type == "tmpfs":
> - fd.write("mount -n -t tmpfs none %s\n" % (target))
> + fd.write("mount -n -t tmpfs -o mode=0755 none %s\n" % (target))
>
> if args.union_type == "overlayfs":
> fd.write("mount -n -t overlayfs"
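Review bot: the new `-o mode=0755` in the tmpfs branch carries no comment saying why the mode is forced, so a later cleanup of this mount line could drop it and bring back the world-writable / described in the commit message. A one-line comment above the `fd.write(...)` would cover it, noting that the tmpfs default of 1777 is picked up by overlayfs/aufs as the mode of the target. Separately, when `args.storage_type` is not "tmpfs", the mode of `target` is whatever the preceding `mkdir -p` produces under the generated script's umask. It is worth confirming that this path cannot also yield a permissive root, since the fix only touches the tmpfs case.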
> --
> 1.9.0
>