On 22/11/2023 19:48, Andrew Cooper wrote:
On 22/11/2023 7:46 pm, Andrew Cooper wrote:
On 06/11/2023 3:05 pm, Alejandro Vallejo wrote:
This is important in order for every mount done inside a mount namespace to
go away after the namespace itself goes away. The comment referring to
unreliability in Linux 4.19 was just wrong.
This patch sets the story straight and makes the depriv pygrub a bit more
confined should a layer of the onion be vulnerable.
Signed-off-by: Alejandro Vallejo <alejandro.vall...@cloud.com>
Acked-by: Andrew Cooper <andrew.coop...@citrix.com>
Sorry, wants
Fixes: e0342ae5556f ("tools/pygrub: Deprivilege pygrub")
too. Will fix on commit.
~Andrew
Sounds good.
Cheers,
Alejandro
