[Devel] [patch] ext: prevent panic inside of containers
Solar Designer
solar at openwall.com
Mon Jan 24 05:01:35 PST 2011
Dmitry,
Thank you for your feedback.
On Mon, Jan 24, 2011 at 03:40:46PM +0300, Dmitry wrote:
> This is not sufficient to make loopdev safe.
...
Yes, we had an internal discussion to the same extent yesterday, but
then Vasiliy thought that it would not hurt to have this specific issue
patched anyway, as long as the patch does not give anyone a false sense
of security. As to this specific patch, with the user-readable messages
in it, I admit I am not sure. Maybe a comment needs to be added as
well, or maybe the patch should be rejected for the "false sense of
security" risk.
> Loop devices inside a container are a very dangerous thing because
> other filesystems (except ext234) have no well-defined panic semantics,
In our internal discussion, Vasiliy informed me that OpenVZ somehow
already had restrictions on filesystem types mountable in containers.
I did not verify this myself (the existence of and rationale behind such
restrictions). To me, the important restriction is the unavailability
of block devices by default. But it might make sense to consider
systems where this has been altered as well... even though we will never
be sure of having taken care of all issues that this opens.
> so there are no guarantees that the system survives after a critical fs error.
> BTW: in case of bad will, frequent loop device corruption inside a
> container results in massive dangerous messages, which makes the HW-node
> administrator's life a complete nightmare.
> That's why the loop device is prohibited inside a container by default.
Right.
To summarize: we have mixed feelings about this patch, but we thought
we'd let you consider it.
Thanks again,
Alexander