From: DJ Delorie
To: Florian Weimer
Cc: libc-alpha@sourceware.org
Subject: Re: [patch v3] Allow for unpriviledged nested containers
In-Reply-To: <875yspdyr4.fsf@oldenburg.str.redhat.com>
Date: Thu, 18 Nov 2021 15:18:12 -0500

IIRC part of the unshared pid namespace was to test processes that act
differently if they're pid 1 (init) but I don't think we have any of
those yet. Certainly the unshared mount namespace has been used to test
corrupt config files etc.

But the security issue is for the CICD tools, which test unvetted
patches from the mailing list. Bind mounting /proc doesn't exit that
security (it just gives you the same /proc the build already saw) but
*enabling* a non-bind-mounted proc means giving security privs to the
build that I'd rather not give.

Florian Weimer writes:
>> One process can have different PIDs depending on how you look at it.
>
> Then elf/tst-pldd should be fine with 4.

Sure, but if getpid() returns 4, and /proc/4/ is for a different process
(or doesn't exist), the test fails. pldd would have to know the pid in
the parent's namespace, for the same process, which might be something
like /proc/41768423/ instead of /proc/4/

I wouldn't be surprised if /proc/self/ referred to the wrong process
too.
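
The getpid() versus /proc/<pid>/ mismatch discussed in this message can be detected before a /proc-based test runs. The following C check is an added example, not part of the e-mail or of the glibc patch; the function names are hypothetical, and it relies on the assumption that procfs renders the /proc/self link target in the PID namespace of the procfs mount rather than that of the reader.

```c
#ifndef _DEFAULT_SOURCE
# define _DEFAULT_SOURCE	/* readlink() under strict -std= modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum proc_view { PROC_MATCH, PROC_FOREIGN, PROC_UNUSABLE };

/* Compare the PID getpid() reported with the target of the /proc/self
   symlink (a decimal PID as seen by the mounted procfs instance).  */
enum proc_view
classify_proc_view (pid_t self, const char *self_link)
{
  char *end;
  long seen;

  if (self_link == NULL || *self_link == '\0')
    return PROC_UNUSABLE;
  errno = 0;
  seen = strtol (self_link, &end, 10);
  if (errno != 0 || *end != '\0' || seen <= 0)
    return PROC_UNUSABLE;	/* not a plain positive PID */
  return seen == (long) self ? PROC_MATCH : PROC_FOREIGN;
}

/* Run the comparison against the live /proc of this process.  */
enum proc_view
check_proc_view (void)
{
  char buf[32];
  ssize_t n = readlink ("/proc/self", buf, sizeof buf - 1);

  if (n <= 0)
    return PROC_UNUSABLE;	/* no procfs, or we are invisible in it */
  buf[n] = '\0';
  return classify_proc_view (getpid (), buf);
}

int
main (void)
{
  enum proc_view v = check_proc_view ();
  puts (v == PROC_MATCH ? "/proc matches our PID namespace"
	: v == PROC_FOREIGN ? "/proc is from another PID namespace"
	: "/proc/self unusable");
  return v == PROC_MATCH ? 0 : 77;	/* 77: conventional "skipped" status */
}
```

A harness can run this inside the container and skip tests that open /proc/<getpid()>/ when the result is not PROC_MATCH, without mounting a fresh procfs.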