** Changed in: systemd (Ubuntu)
Assignee: cristian swing (sed1991s) => (unassigned)
** Changed in: systemd (Ubuntu Focal)
Assignee: cristian swing (sed1991s) => (unassigned)
** Changed in: systemd (Ubuntu Jammy)
Assignee: cristian swing (sed1991s) => (unassigned)
** Changed in:
These metadata edits on this bug and a few others look spammy to me.
Taking the appropriate action now.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1991975
Title:
dev file system is
I'm not too sure if updates from sed1991s above are correct
--
Title:
dev file system is mounted without nosuid or noexec
Status in
** Changed in: linux (Ubuntu Focal)
Status: In Progress => Fix Released
** Changed in: linux (Ubuntu Jammy)
Status: In Progress => Fix Released
** Changed in: systemd (Ubuntu Focal)
Status: Invalid => Fix Released
** Changed in: systemd (Ubuntu Jammy)
Status: Invalid
So where are we on this folks?
--
Just a heads-up that SGX has been deprecated by Intel:
https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/004/deprecated-technologies/
===
The processor has
initramfs-tools also mounts /dev with nosuid, without noexec
> mount -t devtmpfs -o nosuid,mode=0755 udev /dev
I believe all of these should be the same, thus kernel can mount /dev
with nosuid, but should not mount it with noexec.
--
Alright so that means we either need to push a change to remove noexec
from the kernel init code, or we go ahead with noexec, and give people
an option to remount with exec should they want sgx functionality. I do
think the nosuid flag does still provide some benefit even if we decide
not to
FWIW upstream systemd removed the MS_NOEXEC flag from /dev in
https://github.com/systemd/systemd/commit/4eb105fa4aae30566d23382e8c9430eddf1a3dd4.
--
./src/nspawn/nspawn-mount.c missing NO_EXEC on /dev
./src/shared/mount-setup.c missing NO_EXEC on /dev
when booting containers
** Changed in: systemd (Ubuntu)
Status: Invalid => New
--
Setting the systemd bug task to "Invalid", as this is being handled in
the kernel.
** Changed in: systemd (Ubuntu)
Status: Confirmed => Invalid
** Changed in: systemd (Ubuntu Focal)
Status: Confirmed => Invalid
** Changed in: systemd (Ubuntu Jammy)
Status: Confirmed =>
** Changed in: linux (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu Focal)
Status: Confirmed => In Progress
** Changed in: linux (Ubuntu Focal)
Assignee: (unassigned) => Dave Chiluk (chiluk)
** Changed in: linux (Ubuntu Jammy)
Importance: Undecided
In case anyone is curious, the conversation is ongoing on the kernel-team
mailing list
https://lists.ubuntu.com/archives/kernel-team/2022-October/133764.html
--
@juliank please test initrd-less boot; for example lxc launch --vm which
uses linux-kvm flavour booted without initrd.
There are differences of the mount options as applied by
initramfs-tools; systemd; and kernel itself.
--
@juliank, is this an aws system? If not there's a good chance that you
are using an initramfs to mount the filesystems. That's defined in
either /etc/init.d/udev or directly out of the init that lives in the
initramfs.
--
On my kinetic system, /dev has nosuid, but no noexec.
** Tags added: foundations-triage-discuss
--
Here is a workaround for this issue in case anyone finds this in the
future.
Copy remount_dev.service to /etc/systemd/system
sudo chown root:root /etc/systemd/system/remount_dev.service
sudo systemctl daemon-reload
sudo systemctl enable remount_dev.service
Still I think the kernel patch should
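Added example, not part of the bug thread or of any project discussed in it: a shell function that reads mounts(5)-format text (such as /proc/self/mounts) and reports whether /dev carries nosuid and noexec, the two flags the thread compares across initramfs-tools, systemd and the kernel. The function name and the three sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the mount flags on /dev.
# Reads mounts(5)-format lines on stdin: device mountpoint fstype options dump pass

# Prints "nosuid=yes|no noexec=yes|no" for the last entry mounted at /dev
# (a later mount on the same path shadows earlier ones), or "not-mounted".
dev_mount_flags() {
    awk '
        $2 == "/dev" { opts = $4; found = 1 }
        END {
            if (!found) { print "not-mounted"; exit }
            ns = "no"; nx = "no"
            # Split on commas so only exact option names match.
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "nosuid") ns = "yes"
                if (o[i] == "noexec") nx = "yes"
            }
            print "nosuid=" ns " noexec=" nx
        }'
}

# Constructed sample lines (not captured from a real system).
# nosuid only, as the initramfs-tools mount command quoted in the thread produces:
SAMPLE_NOSUID_ONLY='udev /dev devtmpfs rw,nosuid,relatime,size=1000000k,mode=755 0 0'
# Neither flag, the condition the bug title describes:
SAMPLE_NO_FLAGS='devtmpfs /dev devtmpfs rw,relatime,size=1000000k,mode=755 0 0'
# Both flags set:
SAMPLE_BOTH='devtmpfs /dev devtmpfs rw,nosuid,noexec,relatime,size=1000000k,mode=755 0 0'

# On a live Linux system, check the running mount table.
if [ -r /proc/self/mounts ]; then
    printf 'live /dev: %s\n' "$(dev_mount_flags < /proc/self/mounts)"
fi
```

Running it on an initrd boot and on an initrd-less boot of the same release shows which component's flags ended up on /dev.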