[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively

To: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Andrew Cooper <andcooper@xxxxxxxxx>
Date: Wed, 22 Nov 2023 19:46:25 +0000
Cc: Wei Liu <wl@xxxxxxx>, Anthony PERARD <anthony.perard@xxxxxxxxxx>
Delivery-date: Wed, 22 Nov 2023 19:46:31 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 06/11/2023 3:05 pm, Alejandro Vallejo wrote:
> This is important in order for every mount done inside a mount namespace to
> go away after the namespace itself goes away. The comment referring to
> unreliability in Linux 4.19 was just wrong.
>
> This patch sets the story straight and makes the depriv pygrub a bit more
> confined should a layer of the onion be vulnerable.
>
> Signed-off-by: Alejandro Vallejo <alejandro.vallejo@xxxxxxxxx>

Acked-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Follow-Ups:
- Re: [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively
  - From: Andrew Cooper

References:
- [PATCH 0/6] Pygrub security enhancements and bugfixes
  - From: Alejandro Vallejo
- [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively
  - From: Alejandro Vallejo

Prev by Date: Re: [PATCH] x86/mem_sharing: Release domain if we are not able to enable memory sharing
Next by Date: Re: [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively
Previous by thread: [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively
Next by thread: Re: [PATCH 1/6] tools/pygrub: Set mount propagation to private recursively
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.