Package: os-prober
Version: 1.81
Severity: normal

Dear Maintainer,

During execution of os-prober, other processes on the system can see the temporary mounts to /var/lib/os-prober/mount even though os-prober runs in a separate mount namespace.

In order to run os-prober in a more isolated mode, we introduced the newns.c source file a while ago. We build it to a binary and ship it in os-prober and os-prober-udeb.

The original idea was to run os-prober in a private mount namespace. Sadly, calling the unshare(CLONE_NEWNS) system call is only enough to create a new mount namespace. But it is not enough to make the new namespace private.

While we can patch newns.c to make the new mount namespace private, relying on unshare(1) from util-linux (which is an essential package) seems like a more viable option.

I will open a PR with a potential fix.

Thanks,
Olivier

See also:
https://github.com/util-linux/util-linux/commit/f0f22e9c6f109f8c1234caa3173368ef43b023eb

-- System Information:
Debian Release: bookworm/sid
  APT prefers lunar
  APT policy: (500, 'lunar')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-16-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages os-prober depends on:
ii  grub-common  2.06-2ubuntu16
ii  libc6        2.37-0ubuntu2
ii  mount        2.38.1-4ubuntu1

os-prober recommends no packages.

os-prober suggests no packages.

-- no debconf information
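
The missing step the report describes, as an added example (not code from the report, from os-prober's newns.c, or from util-linux): after unshare(CLONE_NEWNS), a recursive MS_PRIVATE remount of / stops new mounts from propagating back, and the "shared:N" tags in /proc/self/mountinfo show whether that worked. The function names are hypothetical, and running main() needs CAP_SYS_ADMIN.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

/* 1 if a mountinfo line has a "shared:N" optional field, 0 if not, -1 if malformed. */
int mountinfo_line_is_shared(const char *line)
{
    const char *p = line;
    for (int i = 0; i < 6; i++, p++)         /* skip the six fixed fields */
        if (!(p = strchr(p, ' '))) return -1;
    while (*p) {                              /* optional fields end at "- " */
        if (p[0] == '-' && p[1] == ' ') return 0;
        if (strncmp(p, "shared:", 7) == 0) return 1;
        if (!(p = strchr(p, ' '))) return -1;
        p++;
    }
    return -1;
}

/* Number of mounts in a mountinfo stream that still propagate to a peer group. */
int count_shared(FILE *f)
{
    char line[4096];
    int n = 0;
    while (fgets(line, sizeof line, f))
        if (mountinfo_line_is_shared(line) == 1) n++;
    return n;
}

/* unshare(CLONE_NEWNS) copies the mount tree together with its propagation
 * flags; the recursive MS_PRIVATE remount is what makes the copy private. */
int enter_private_mount_ns(void)
{
    if (unshare(CLONE_NEWNS) != 0) return -1;
    return mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL);
}

int main(void)
{
    if (enter_private_mount_ns() != 0) { perror("private mount namespace"); return 1; }
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) { perror("/proc/self/mountinfo"); return 1; }
    int n = count_shared(f);
    fclose(f);
    printf("shared mounts left in this namespace: %d\n", n);
    return n != 0;   /* exit 0 only when nothing is shared any more */
}
```

Dropping the mount() call from enter_private_mount_ns() on a host where / is mounted shared reproduces the reported state: the count stays above zero and mounts made in the new namespace appear in the original one.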