Re: [libvirt] [RFC PATCH 2/2] LXC: Create ro overlay mounts only if we're not within a user namespace
On 06/26/2013 04:39 AM, Daniel P. Berrange wrote:
On Thu, Jun 13, 2013 at 08:02:18PM +0200, Richard Weinberger wrote:
> Within a user namespace root can remount these filesysems at any
> time rw.
> Create these mappings only if we're not playing with user namespaces.
This is a problem with the way we're initializing mounts in the
user namespace.
This problem exists even libvirt lxc doesn't support user namespace.
We need to ensure that the initial mounts setup
by libvirt can't be changed by admin inside the container. Preventing
the container admin from remounting or unmounting these mounts is key
to security.
IIUC, the only way to ensure this is to start a new user namespace
/after/ setting up all mounts.
start a new user namespace means the container will lose controller of
mount namespace. so the container can't do mount operation too, though
we only can mount a little of filesystems in un-init user namespace.
So maybe we should fix this problem by selinux.