[Devel] [patch] ext: prevent panic inside of containers

Vasily Averin vvs at parallels.com
Mon Jan 24 06:29:39 PST 2011


Vasily, Solar Designer,

first of all thank you very much for your report!
For me it looks like a security issue, however it does not affect default 
containers, because neither loopback nor real devices can be mounted 
without additional permission.

thank you,
	Vasily Averin

On 01/24/2011 04:02 PM, Vasiliy Kulikov wrote:
> Hi Dmitry,
>
> On Mon, Jan 24, 2011 at 15:40 +0300, Dmitry wrote:
>> This is not sufficient to make loopdev safe.
>> Loop devices inside a container are a very dangerous thing because
>> other filesystems
>
> Aren't all other nonvirtual filesystems disabled inside of containers?
> I see only ext2/3 in VE's /proc/filesystem, even ext4 is not available
> here (but it's available on HN).
>
>> (except ext234) have no well-defined panic semantics,
>
> Do you mean that they don't gracefully handle specially crafted
> filesystems?  Agreed, but then with errors=panic ext2/3/4 is not safe too.
>
>> BTW: in case of bad will, frequent loop device corruption inside a
>> container results in massive dangerous messages which make the HW-node
>> administrator's life a complete nightmare.
>
> These log messages may be limited.  However, IMO they should be logged
> at least once per VEID.
>
>> That's why loop device is prohibited inside container by default.
>
> If you protest against only the loop case - the same can be achieved with
> common block device forwarding: run mkfs.ext2 on it, manually corrupt it
> and enjoy.
>
>
> Thanks,
>
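The thread's point is that an ext2/3/4 filesystem mounted with errors=panic will take the whole hardware node down when it hits corruption, whether the backing store is a loop device or a forwarded block device. The following is an added defender's check, not code from this thread or from the OpenVZ project: it scans mount-table lines in /proc/mounts format and reports every ext2/ext3/ext4 mount carrying errors=panic. The sample mount table is constructed for the example; on a real node you would feed it /proc/mounts (or the /proc/mounts of each container's namespace) instead.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from any real host):
# "<device> <mountpoint> <fstype> <options> <dump> <pass>"
SAMPLE_MOUNTS='/dev/loop0 /mnt/test ext2 rw,errors=panic 0 0
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/loop1 /mnt/data ext3 rw,errors=continue 0 0
proc /proc proc rw 0 0'

# find_panic_mounts: read mount-table lines from stdin and print
# "<device> <mountpoint> <fstype>" for each ext2/ext3/ext4 mount whose
# option list contains errors=panic. Other filesystems are skipped
# because the thread only discusses the ext family's errors= semantics.
find_panic_mounts() {
    while read -r dev mnt fstype opts _rest; do
        case "$fstype" in
            ext2|ext3|ext4) ;;
            *) continue ;;
        esac
        # Wrap the option list in commas so a whole-token match is exact
        # (errors=panic is matched, errors=panicky would not be).
        case ",$opts," in
            *,errors=panic,*) printf '%s %s %s\n' "$dev" "$mnt" "$fstype" ;;
        esac
    done
}

# count_panic_mounts: number of offending entries in the constructed sample.
count_panic_mounts() {
    printf '%s\n' "$SAMPLE_MOUNTS" | find_panic_mounts | wc -l | tr -d ' '
}

# Stand-alone run over the constructed sample; a live check on a node
# would be:  find_panic_mounts < /proc/mounts
printf '%s\n' "$SAMPLE_MOUNTS" | find_panic_mounts
```

The check flags only the first sample line: the ext4 root uses errors=remount-ro and the ext3 loop mount uses errors=continue, both of which keep a corrupted filesystem from panicking the host. A mount that does show up is the one to remount with errors=remount-ro (or to deny the container the device permission in the first place, as the reply above describes for the default configuration).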