It would appear this has always been the case, and probably is not a
bug. We will work around it in lxc.
I think what is happening is: in pivot_root, the new root is mounted
over the struct path of the previous current->fs->root (using
attach_mnt). Since current->fs->root after a chroot was not absolute,
the chroot escape can still escape. In fact in the example scripts,
where we chrooted to /mnt, we can see after the chrootbreak that our new
root is under /mnt/root.
** Changed in: linux (Ubuntu)
Status: Triaged => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1377267
Title:
On trusty I can break out of pivot_root chroot
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1377267/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
