Quoting Stéphane Graber ([email protected]):
> The tmpfs was mounted with its default mode (1777) which was then picked
> up by overlayfs/aufs as the target's mode.
>
> This led to a world writable / in ephemeral containers.
>
> I have confirmed that this issue doesn't impact lxc-clone.
>
> Signed-off-by: Stéphane Graber <[email protected]>
Acked-by: Serge E. Hallyn <[email protected]> > --- > src/lxc/lxc-start-ephemeral.in | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in > index 822f802..d5690b2 100644 > --- a/src/lxc/lxc-start-ephemeral.in > +++ b/src/lxc/lxc-start-ephemeral.in > @@ -219,7 +219,7 @@ LXC_NAME="%s" > fd.write("mkdir -p %s %s\n" % (target, entry[1])) > > if args.storage_type == "tmpfs": > - fd.write("mount -n -t tmpfs none %s\n" % (target)) > + fd.write("mount -n -t tmpfs -o mode=0755 none %s\n" % (target)) > > if args.union_type == "overlayfs": > fd.write("mount -n -t overlayfs" > -- > 1.9.0 > > _______________________________________________ > lxc-devel mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-devel
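
Review bot: In the args.storage_type == "tmpfs" branch, the new "-o mode=0755" carries the whole fix, but nothing in the script says why it is there. A one-line comment above the fd.write("mount -n -t tmpfs ...") call, noting that overlayfs/aufs take the mode of the container's / from this mount, would keep a later cleanup from dropping the option. Separately, the non-tmpfs path still gets the mode of target from the "mkdir -p" written just above the branch, which follows the umask in effect when those commands run, so it is worth confirming that path cannot leave / group- or world-writable either.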
