I'm currently cleaning up the loop-devices code and am getting rid of pretty much all of it for security reasons and ease of handling.
For one, losetup's listed paths aren't always accurate when mount namespaces are involved (you get a path relative to the root of the filesystem the file resides on, e.g. I get /images/104/vm-104-disk-1.raw instead of the whole /var/lib/vz/...).

More importantly, if a container has full access to a loop device it can detach the device, freeing it up to be used for the next container that starts, after which it has full access to that other container's disk attached to the same loop device. This is unacceptable.

@Alexandre: what's the reason for the cgroup devices.allow listing? This is the part that concerns me. It's fine for non-loop devices, but with loop devices this is a problem. IIRC it was something about resizing, but I'm going to handle this from the outside via an API call, so the container wouldn't be required to access the loop device directly anymore.

Is there anything else to consider? Otherwise the loop device code will be replaced in favor of `-o loop`, as this sets the autoclear flag, which means we don't need to clean up after loops manually at all.
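
A defensive check for the concern raised in the message above, as an added example that is not part of the original message or of the Proxmox code: it parses the text of a container's cgroup v1 `devices.list` and reports entries that grant access to loop block devices (block major 7). The function names and the sample entries are constructed for illustration.

```python
LOOP_MAJOR = 7  # Linux block major number used by /dev/loopN

# Constructed sample in the "type major:minor access" format of devices.list.
SAMPLE_DEVICES_LIST = """\
c 1:3 rwm
c 5:0 rwm
b 7:4 rwm
b 7:* m
b 8:0 r
"""


def parse_entry(line):
    """Split one devices.list line into (type, major, minor, access)."""
    parts = line.split()
    if len(parts) != 3 or ":" not in parts[1]:
        return None  # blank or malformed line
    dev_type, numbers, access = parts
    major, _, minor = numbers.partition(":")
    return dev_type, major, minor, access


def loop_grants(devices_list_text):
    """Return the entries that cover loop block devices."""
    findings = []
    for raw in devices_list_text.splitlines():
        entry = parse_entry(raw.strip())
        if entry is None:
            continue
        dev_type, major, minor, access = entry
        if dev_type not in ("a", "b"):
            continue  # character devices are not loop block devices
        if major not in ("*", str(LOOP_MAJOR)):
            continue  # a different block major
        scope = "all loop devices" if minor == "*" else "/dev/loop" + minor
        findings.append({
            "entry": raw.strip(),
            "scope": scope,
            # r or w lets the container open the node; m alone only allows mknod
            "can_open": bool(set(access) & set("rw")),
        })
    return findings


if __name__ == "__main__":
    for finding in loop_grants(SAMPLE_DEVICES_LIST):
        print(finding)
```
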