[lxc-devel] Passed: lxc/lxc#5442 (stable-3.0 - 8d6ee0c)

Travis CI builds at travis-ci.org
Fri Jun 29 16:35:01 UTC 2018


Build Update for lxc/lxc
-------------------------------------

Build: #5442
Status: Passed

Duration: 1 min and 54 secs
Commit: 8d6ee0c (stable-3.0)
Author: Christian Brauner
Message: autodev: adapt to changes in Linux 4.18

Starting with commit
55956b59df33 ("vfs: Allow userns root to call mknod on owned filesystems.")
Linux will allow mknod() in user namespaces for userns root if CAP_MKNOD is
available.
However, these device nodes are useless since

static struct super_block *alloc_super(struct file_system_type *type, int flags,
                                       struct user_namespace *user_ns)
{
        /* <snip> */

        if (s->s_user_ns != &init_user_ns)
                s->s_iflags |= SB_I_NODEV;

        /* <snip> */
}

will set the SB_I_NODEV flag on the filesystem. When a device node created in
non-init userns is open()ed the call chain will hit:

bool may_open_dev(const struct path *path)
{
        return !(path->mnt->mnt_flags & MNT_NODEV) &&
                !(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
}

which will cause an EPERM because the device node is located on an fs
owned by non-init-userns and thus doesn't grant access to device nodes due to
SB_I_NODEV.

The solution is straightforward. Unless you're real root you should bind-mount
device nodes.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>

View the changeset: https://github.com/lxc/lxc/compare/58465a03436e...8d6ee0ca9df0

View the full build log and details: https://travis-ci.org/lxc/lxc/builds/398325446?utm_source=email&utm_medium=notification
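
The rule the commit message ends on (bind-mount device nodes unless you are real root), as an added C example that is not LXC's code or part of the original commit. The function names, the `dev_strategy` enum and the `uid_map` heuristic for detecting the initial user namespace are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

enum dev_strategy { DEV_MKNOD, DEV_BIND_MOUNT };

/* Heuristic (assumption): only the initial userns shows a single identity
 * mapping of the full 32-bit id range in /proc/self/uid_map. */
bool uid_map_is_init_userns(const char *map)
{
	unsigned long long inside, outside, count;
	int used = 0;

	if (sscanf(map, "%llu %llu %llu %n", &inside, &outside, &count, &used) != 3)
		return false;
	/* Text after the first line means extra mappings: not the init userns. */
	return !map[used] && !inside && !outside && count == 4294967295ULL;
}

/* Nodes made with mknod() on a superblock owned by a non-init userns hit
 * SB_I_NODEV at open(), so anything but real root bind-mounts instead. */
enum dev_strategy pick_dev_strategy(const char *uid_map)
{
	return uid_map_is_init_userns(uid_map) ? DEV_MKNOD : DEV_BIND_MOUNT;
}

/* Hypothetical helper: expose the host char device host_path at target. */
int populate_dev_node(const char *host_path, const char *target,
		      enum dev_strategy how)
{
	struct stat st;
	int fd;

	if (stat(host_path, &st) < 0 || !S_ISCHR(st.st_mode))
		return -1;
	if (how == DEV_MKNOD)
		return mknod(target, S_IFCHR | (st.st_mode & 0777), st.st_rdev);
	/* A bind mount needs an existing file to mount over. */
	fd = open(target, O_WRONLY | O_CREAT, 0644);
	if (fd < 0)
		return -1;
	close(fd);
	return mount(host_path, target, NULL, MS_BIND, NULL);
}
```

A user namespace that was given the full identity mapping looks like the initial one to this check, so the heuristic is a starting point rather than a guarantee.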
