drop 'owner' check on mountinfo and allow write to @{PROC}/[0-9]*/attr/current #167

Merged
merged 1 commit into from Oct 6, 2016

Contributor

jdstrand commented Oct 6, 2016

Due to a kernel bug, the ouid is not being set correctly for /proc accesses by
setuid processes running in user namespaces. While the kernel needs to be
fixed, drop the 'owner' match on @{PROC}/*/mountinfo for now.

Since we are using aa_change_hat(), snap-confine needs to be able to write to
@{PROC}/[0-9]*/attr/current.

Bug: https://launchpad.net/bugs/1630789

Contributor

jdstrand commented Oct 6, 2016

Fyi, the test is failing for an unrelated reason: 2016/10/06 14:14:03 Cannot allocate linode:ubuntu-16.04-64-grub: authentication failed

Collaborator

tyhicks commented Oct 6, 2016

Looks good to me. Thanks!

Contributor

jdstrand commented Oct 6, 2016

This has been uploaded to Ubuntu 16.10.

@jdstrand jdstrand merged commit c5a1dbc into snapcore:master Oct 6, 2016

1 check failed

continuous-integration/travis-ci/pr The Travis CI build failed

@jdstrand jdstrand deleted the jdstrand:lp1630789 branch Nov 10, 2016
