[Pkg-systemd-maintainers] Bug#734813: Bug#734813: systemd as pid1 allows lxc-containers to unmount host filesystems

Michael Stapelberg stapelberg at debian.org
Fri Jan 10 07:08:18 GMT 2014


Hi Paul,

Paul Tagliamonte <paultag at debian.org> writes:
> A workaround was sent to me in a gist[2], but I've not tried it yet.
> Seems like it'd work. Another workaround given was to do:
>
> for MNT in $(awk '{print $2}' /proc/mounts | sort -u) ; do
>     mount --make-rprivate "$MNT";
> done
This needs to have #731574 resolved first, because of a bug in mount(8).

> Both are pretty ugly, and I really don't want to have to run this. Can
> Debian systemd please revert this behavior?
No. This would need to happen upstream, and then we can cherry-pick the
fix. But in general we don’t want to divert from upstream. FWIW, docker
on CoreOS has ExecStartPre=/bin/mount --make-rprivate / in its unit
file to fix this — but as I said, that requires a newer mount(8).

I’m inclined to just mark this as a duplicate of #731574, or let you
reassign it to lxc, which seems to have support for dealing with shared
mountpoints as you wrote on IRC. Let me know which one you prefer.

-- 
Best regards,
Michael
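
An added illustration of the check behind both workarounds (example code, not part of this thread nor of systemd, lxc or the CoreOS unit; the function names and the sample mountinfo below are this example's own, constructed for it): list the mounts that sit in a shared peer group, which is the propagation setting that lets an unmount performed inside a container reach the host, and print the mount --make-rprivate calls that would make them private. It goes slightly beyond the loop quoted above: it parses the /proc/self/mountinfo format rather than /proc/mounts so that it can tell shared mounts from private or slave ones, and it collapses to a single recursive call on / when / itself is shared.

```shell
#!/bin/sh
# Added example, not from the bug report, systemd or lxc: find the mounts
# that are in a shared peer group (the condition that lets a container's
# umount propagate back to the host) and print the mount(8) calls that
# would make them private. Function names are this example's own.
#
# /proc/self/mountinfo line layout (see proc(5)):
#   ID parent major:minor root mountpoint options [optional...] - fstype source superoptions
# Optional fields sit between the options and the "-" separator; "shared:N"
# means the mount belongs to shared peer group N. Spaces, tabs, newlines and
# backslashes in paths are encoded as \040, \011, \012 and \134.

# Constructed sample, not captured from a real host. "/" is shared, as it is
# when systemd is PID 1; /home is private and /run/lxc is a slave mount.
SAMPLE_MOUNTINFO='24 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
19 24 0:18 / /sys rw,nosuid,nodev,noexec,relatime shared:7 - sysfs sysfs rw
26 24 0:5 / /dev rw,relatime shared:2 - devtmpfs udev rw
30 24 8:2 / /home rw,relatime - ext4 /dev/sda2 rw
31 24 0:20 / /mnt/with\040space rw,relatime shared:9 - tmpfs tmpfs rw
32 24 0:21 / /run/lxc rw,relatime master:1 - tmpfs tmpfs rw'

# Read mountinfo on stdin; print the decoded mount point of every shared mount,
# one per line (a path containing a literal newline would need NUL separation).
list_shared_mounts() {
  awk '
    # Decode the \ooo octal escapes mountinfo uses for special characters.
    function unescape(s,   out, i, c, code) {
      out = ""
      i = 1
      while (i <= length(s)) {
        c = substr(s, i, 1)
        code = substr(s, i + 1, 3)
        if (c == "\\" && code ~ /^[0-7][0-7][0-7]$/) {
          out = out sprintf("%c", substr(code, 1, 1) * 64 \
                                  + substr(code, 2, 1) * 8 \
                                  + substr(code, 3, 1))
          i += 4
        } else {
          out = out c
          i++
        }
      }
      return out
    }
    {
      # Scan only the optional fields, i.e. from field 7 up to the "-" separator.
      for (i = 7; i <= NF && $i != "-"; i++)
        if ($i ~ /^shared:[0-9]+$/) { print unescape($5); break }
    }'
}

# Print the commands that would stop propagation, without running them.
# --make-rprivate is recursive, so if / itself is shared one call on / covers
# the whole tree (the approach of the CoreOS docker unit mentioned above);
# otherwise emit one call per shared mount point, shell-quoted.
rprivate_plan() {
  list_shared_mounts | awk '
    function shquote(s) { gsub(/["$`\\]/, "\\\\&", s); return "\"" s "\"" }
    { mp[NR] = $0; if ($0 == "/") root_shared = 1 }
    END {
      if (root_shared)
        print "mount --make-rprivate /"
      else
        for (i = 1; i <= NR; i++) print "mount --make-rprivate " shquote(mp[i])
    }'
}

# Demonstration on the constructed sample; on a real host feed it
# /proc/self/mountinfo instead.
printf '%s\n' "$SAMPLE_MOUNTINFO" | rprivate_plan
```

On a real host run `rprivate_plan < /proc/self/mountinfo` and review the output before executing it as root. Whether the emitted mount --make-rprivate call actually works on Debian at the time of this message depends on the mount(8) bug referenced above as #731574.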
