touch-packages team mailing list archive

Thread
Date

[Bug 1454057] Re: mounts are shared by default on ubuntu 15.04

To: touch-packages@xxxxxxxxxxxxxxxxxxx
From: Martin Pitt <martin.pitt@xxxxxxxxxx>
Date: Mon, 18 May 2015 08:22:55 -0000
Reply-to: Bug 1454057 <1454057@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The problem with schroot is tracked in bug 1430557. The original
reporter here already asked to close it, most other distros (all with
systemd, including Fedora, SUSE, Arch, and most importantly Debian) now
default to shared namespaces. Also, nspawn works perfectly well on
Ubuntu and people are using it. Hence I still consider this "wontfix" --
let's fix schroot instead, which needs to happen anyway given that
regardless of the distro default the admin can still set the default
mount policy or individual mounts to being "shared".

** Changed in: systemd (Ubuntu)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1454057

Title:
  mounts are shared by default on ubuntu 15.04

Status in systemd package in Ubuntu:
  Won't Fix

Bug description:
  Ubuntu 15.04:
      nir@reed:~$ grep '/ / ' /proc/self/mountinfo
      21 0 8:5 / / rw,relatime shared:1 - ext4 /dev/disk/by-uuid/70f9850c-8ebd-4881-a504-e14ec8d37f66 rw,discard,errors=remount-ro,data=ordered

  Ubuntu 14.10:
      nir@pilgrim:~$ grep '/ / ' /proc/self/mountinfo
      21 0 8:1 / / rw,relatime - ext4 /dev/disk/by-uuid/1d8ff8a8-6026-48dd-b6ce-e52b46c1f33d rw,errors=remount-ro,data=ordered

  This breaks CLONE_NEWNS and may present a security threat since
  process' private mounts are viewable to all and will persist after the
  process exits.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1454057/+subscriptions