Re: [PATCH 2/2] virtiofsd: move to a new pid namespace

2019-10-25 Thread Stefan Hajnoczi
On Thu, Oct 24, 2019 at 11:26:11AM +0100, Daniel P. Berrangé wrote: > On Wed, Oct 16, 2019 at 05:01:57PM +0100, Stefan Hajnoczi wrote: > It might be useful to call prctl(PR_SET_PDEATHSIG) here, so that > if the parent process exits for any reason, the child will be killed > off too. [...] > I feel

Re: [PATCH 2/2] virtiofsd: move to a new pid namespace

2019-10-24 Thread Daniel P. Berrangé
On Wed, Oct 16, 2019 at 05:01:57PM +0100, Stefan Hajnoczi wrote: > virtiofsd needs access to /proc/self/fd. Let's move to a new pid > namespace so that a compromised process cannot see any other > processes running on the system. > > One wrinkle in this approach: unshare(CLONE_NEWPID) affects

Re: [PATCH 2/2] virtiofsd: move to a new pid namespace

2019-10-23 Thread Dr. David Alan Gilbert
* Stefan Hajnoczi (stefa...@redhat.com) wrote: > virtiofsd needs access to /proc/self/fd. Let's move to a new pid > namespace so that a compromised process cannot see any other > processes running on the system. > > One wrinkle in this approach: unshare(CLONE_NEWPID) affects *child* > process

Re: [Virtio-fs] [PATCH 2/2] virtiofsd: move to a new pid namespace

2019-10-17 Thread Stefan Hajnoczi
On Thu, Oct 17, 2019 at 10:45:53AM -0400, Vivek Goyal wrote: > On Wed, Oct 16, 2019 at 05:01:57PM +0100, Stefan Hajnoczi wrote: > > [..] > > + /* > > +* If the mounts have shared propagation then we want to opt out so our > > +* mount changes don't affect the parent mount namespace. > >

Re: [Virtio-fs] [PATCH 2/2] virtiofsd: move to a new pid namespace

2019-10-17 Thread Vivek Goyal
On Wed, Oct 16, 2019 at 05:01:57PM +0100, Stefan Hajnoczi wrote: [..] > + /* > + * If the mounts have shared propagation then we want to opt out so our > + * mount changes don't affect the parent mount namespace. > + */ > + if (mount(NULL, "/", NULL, MS_REC|MS_SLAVE, NULL) <

[PATCH 2/2] virtiofsd: move to a new pid namespace

2019-10-16 Thread Stefan Hajnoczi
virtiofsd needs access to /proc/self/fd. Let's move to a new pid namespace so that a compromised process cannot see any other processes running on the system. One wrinkle in this approach: unshare(CLONE_NEWPID) affects *child* processes and not the current process. Therefore we need to fork