Re: [libvirt] [GIT PULL] namespace updates for v3.17-rc1
Am 21.08.2014 15:12, schrieb Christoph Hellwig:
On Wed, Aug 20, 2014 at 09:53:49PM -0700, Eric W. Biederman wrote:
> Richard Weinberger <richard.weinberger(a)gmail.com> writes:
>
>> On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman <ebiederm(a)xmission.com>
wrote:
>>
>> This commit breaks libvirt-lxc.
>> libvirt does in lxcContainerMountBasicFS():
>
> The bugs fixed are security issues, so if we have to break a small
> number of userspace applications we will. Anything that we can
> reasonably do to avoid regressions will be done.
Can you explain the security issues in detail? Breaking common
userspace like libvirt-lxc with just a little bit of handwaiving is
entirely unacceptable.
It looks like commit 87b47932f40a11280584bce260cbdb3b5f9e8b7d in
git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git for-next
unbreaks libvirt-lxc.
I hope it hits Linus tree and -stable before the offending commit hits users.
Thanks,
//richard