[klibc] [PATCH 6/8] switch_root: Fix single file mounts
Mike Waychison
mikew at google.com
Thu Jul 28 10:26:06 PDT 2011
On Wed, Jul 27, 2011 at 12:42 PM, maximilian attems <max at stro.at> wrote:
> On Mon, 18 Jul 2011, Michal Suchanek wrote:
>
>> Hello,
>>
>> Excerpts from maximilian attems's message of Wed Jul 13 15:48:31 +0200 2011:
>> > From: Michal Suchanek <michal.suchanek at ruk.cuni.cz>
>> >
>> > The root of the failure is that nuke cannot cope with file
>> > mounts (single files mounted, not directories). These are the result of
>> > using fuse to get to the root filesystem (httpfs, curlftpfs).
Why not just add support for unmounting the file?
>> >
>> > This fixes
>> > http://bugs.debian.org/476268
>>
>> thanks for looking into this.
>>
>> Since this is a long-standing issue I wrapped the file mount in a tmpfs
>> mount as a workaround.
How does this work?
>>
>> I hope this makes life easier for people trying to use klibc in the
>> future.
>
> after the post I'm less convinced of this patchset.
> What is the meaning of such a left mounted tmpfs in initramfs?
> One can't access it afterwards from the new root.
>
> as you can read in the following post mikew also opted for the
> strict error http://www.zytor.com/pipermail/klibc/2011-July/003002.html
> handling as it is currently done in run-init.
I deliberately fail on error in the above only if the new command line
flag is specified, as ignoring the errors would imply a failure of
matching the intentions of the flag, which can be detrimental because
the intent is to restrict userland's posix capabilities (as a security
measure).
>
> the util-linux switch_root is in contrary very lax, but that
> way dev errors can't be catched.
Agreed. If anything we should fix the cases that can be handled
(like unmounting of files) and complain loudly with developer-oriented
messages in the logs whenever we gracefully fail in the nuke case.
>
> --
> maks
>
> P.S. adding relevant people on the cc.
>
More information about the klibc
mailing list