[lxc-devel] [PATCH] lxc-start-ephemeral: Set tmpfs mode to 0755
Stéphane Graber
stgraber at ubuntu.com
Sun Feb 23 00:36:12 UTC 2014
The tmpfs was mounted with its default mode (1777) which was then picked
up by overlayfs/aufs as the target's mode.
This led to a world writable / in ephemeral containers.
I have confirmed that this issue doesn't impact lxc-clone.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
src/lxc/lxc-start-ephemeral.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in
index 822f802..d5690b2 100644
--- a/src/lxc/lxc-start-ephemeral.in
+++ b/src/lxc/lxc-start-ephemeral.in
@@ -219,7 +219,7 @@ LXC_NAME="%s"
fd.write("mkdir -p %s %s\n" % (target, entry[1]))
if args.storage_type == "tmpfs":
- fd.write("mount -n -t tmpfs none %s\n" % (target))
+ fd.write("mount -n -t tmpfs -o mode=0755 none %s\n" % (target))
if args.union_type == "overlayfs":
fd.write("mount -n -t overlayfs"
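Review bot: the added `mount -n -t tmpfs -o mode=0755 none %s` line has no comment saying why the mode is pinned, so a later cleanup could drop the option and bring back the world-writable root described in the commit message. A short comment above the `fd.write` would help, stating that overlayfs/aufs takes the target's mode from the tmpfs root. Separately, the fix only covers the `args.storage_type == "tmpfs"` branch. For other storage types the target's mode comes from the `mkdir -p %s %s` line above and whatever umask is in effect when the generated script runs, so it is worth confirming that path cannot also produce a group- or world-writable target.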
--
1.9.0