This also applies when booting systemd without an initramfs. NOSUID is
already set, but not NOEXEC. I proposed that in
https://github.com/systemd/systemd/pull/1265
** Changed in: systemd (Ubuntu)
Status: Invalid => In Progress
--
Daniel, would you mind forwarding the initramfs-tools change to a Debian
bug report?
** Changed in: initramfs-tools (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: initramfs-tools (Ubuntu)
Status: New => Triaged
** Changed in: initramfs-tools (Ubuntu)
Status: Triaged
Applied the udev.init change in
http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=63dff1e2132b
for Debian. But it is totally irrelevant for Ubuntu, as we don't support
SysV init. Under upstart /etc/init/udev does not do any mounting, it relies
on mountall to do that, thus this
** Changed in: initramfs-tools (Ubuntu)
Status: Fix Committed => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1450960
Title:
dev file system is mounted without noexec
To manage
** Patch added: "Patch for host, package udev, on top of a current wily
installation"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1450960/+attachment/4463061/+files/udev.patch
--
** Patch added: "Patch for host, package initramfs-tools, on top of a current
wily installation"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1450960/+attachment/4463062/+files/initramfs-tools.patch
--
** Patch added: "Patch for lxc on top of
f08fee55a1f0ca62c2c97a2d2fd5ef1d7fbae8ee. Solves the issue on the host,
/dev/.lxc"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1450960/+attachment/4463050/+files/lxc-noexec-host.patch
--
** Patch added: "Patch for lxc on top of
f08fee55a1f0ca62c2c97a2d2fd5ef1d7fbae8ee. Solves the issue in the container,
NOT /dev/.lxc on the host"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1450960/+attachment/4463049/+files/lxc-noexec.patch
--
The attachment "Patch for lxc on top of
f08fee55a1f0ca62c2c97a2d2fd5ef1d7fbae8ee. Solves the issue in the
container, NOT /dev/.lxc on the host" seems to be a patch. If it isn't,
please remove the "patch" flag from the attachment, remove the "patch"
tag, and if you are a member of the
** Changed in: lxc (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/1450960
Title:
dev file system is mounted without noexec
To manage
That's not really true. On my system for example, the directory
/dev/vboxusb/ exists with permissions
drwxr-x--- 4 root vboxusers 80 Mai 4 09:09 /dev/vboxusb/
So all users who are in group vboxusers can write to this
sub-directory. I'm sure there are more cases like this...
--
Try this:
onlyauser@mymachine:~$ cat > /dev/.lxc/user/call-me.sh <<.e
#!/bin/sh
echo "I'm executable"
.e
onlyauser@mymachine:~$ chmod +x /dev/.lxc/user/call-me.sh
onlyauser@mymachine:~$ /dev/.lxc/user/call-me.sh
I'm executable
--
Ok, my fault. No write permission for the group.
But anyway, I think there is no reason to not use both nosuid and noexec
--
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: systemd (Ubuntu)
Status: New => Confirmed
--
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: lxc (Ubuntu)
Status: New => Confirmed
--
/dev/ is only writable for root and noexec is fairly useless to be
honest, but adding nosuid might be a nice little improvement. /dev/pts
and /dev/shm have restricted mount options as well, after all.
** Changed in: systemd (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: systemd
** Information type changed from Private Security to Public Security