Your message dated Thu, 13 Oct 2016 17:00:39 +0200 with message-id <c30ed2c7-c00b-2aff-256b-b71532eec...@debian.org> and subject line Bug housekeeping has caused the Debian Bug report #838958, regarding linux: mount(2) _silently_ ignores other mountflags when MS_BIND is set to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 838958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838958 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: linux Severity: important Tags: upstream >From the mount(2) man page: MS_BIND (Linux 2.4 onward) Perform a bind mount, making a file or a directory subtree visible at another point within a filesystem. Bind mounts may cross filesystem boundaries and span chroot(2) jails. The filesystemtype and data arguments are ignored. Up until Linux 2.6.26, mountflags was also ignored (the bind mount has the same mount options as the underlying mount point). Apparently, this applies to recent kernels too (at least 3.16). Silently ignoring user-specified flags can open security holes, e.g. when a sysadm bind-mounts a filesystem for use by a containter, thinking the mount will be read-only: # mount -o bind,ro /usr /containers/X/usr Despite mount returning successfully, container X has /usr mounted read/write, and root inside the container can easily corrupt/subvert the host system. Please keep in mind that recent versions of mount(1) work around the bug, by calling mount() twice (once with the "bind" flag, then with the other flags), but other applications calling mount() directly are usually affected. Best regards, giuseppe -- System Information: Debian Release: 8.6 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.16.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init)
--- End Message ---
--- Begin Message ---Version: 4.08-1 Hi, this bug should be fixed with the latest upload of manpages. Regards, Tobias
Description: OpenPGP digital signature
--- End Message ---