This also applies when booting systemd without an initramfs. NOSUID is
already set, but not NOEXEC. I proposed that in
https://github.com/systemd/systemd/pull/1265
** Changed in: systemd (Ubuntu)
Status: Invalid => In Progress
--
** Changed in: initramfs-tools (Ubuntu)
Status: Fix Committed => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1450960
Title:
dev file system is mounted without noexec
Daniel, would you mind forwarding the initramfs-tools change to a Debian
bug report?
** Changed in: initramfs-tools (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: initramfs-tools (Ubuntu)
Status: New => Triaged
** Changed in: initramfs-tools (Ubuntu)
Status: Triaged =
Applied the udev.init change in
http://anonscm.debian.org/cgit/pkg-systemd/systemd.git/commit/?id=63dff1e2132b
for Debian. But it is
totally irrelevant for Ubuntu, as we don't support SysV init. Under
upstart /etc/init/udev does not do any mounting, it relies on mountall
to do that, thus this need
The attachment "Patch for lxc on top of
f08fee55a1f0ca62c2c97a2d2fd5ef1d7fbae8ee. Solves the issue in the
container, NOT /dev/.lxc on the host" seems to be a patch. If it isn't,
please remove the "patch" flag from the attachment, remove the "patch"
tag, and if you are a member of the ~ubuntu-revie
** Patch added: "Patch for host, package udev, on top of a current wily
installation"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1450960/+attachment/4463061/+files/udev.patch
--
** Patch added: "Patch for host, package initramfs-tools, on top of a current
wily installation"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1450960/+attachment/4463062/+files/initramfs-tools.patch
--
** Patch added: "Patch for lxc on top of
f08fee55a1f0ca62c2c97a2d2fd5ef1d7fbae8ee. Solves the issue on the host,
/dev/.lxc"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1450960/+attachment/4463050/+files/lxc-noexec-host.patch
--
** Patch added: "Patch for lxc on top of
f08fee55a1f0ca62c2c97a2d2fd5ef1d7fbae8ee. Solves the issue in the container,
NOT /dev/.lxc on the host"
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1450960/+attachment/4463049/+files/lxc-noexec.patch
--
** Changed in: lxc (Ubuntu)
Importance: Undecided => Wishlist
--
Try this:
onlyauser@mymachine:~$ cat >/dev/.lxc/user/call-me.sh <<.e
> #!/bin/sh
> echo "I'm executable"
> .e
onlyauser@mymachine:~$ chmod +x /dev/.lxc/user/call-me.sh
onlyauser@mymachine:~$ /dev/.lxc/user/call-me.sh
I'm executable
--
Ok, my fault. No write permission for the group.
But anyway, I think there is no reason to not use both nosuid and noexec
--
That's not really true. On my system for example, the directory
/dev/vboxusb/ exists with permissions
drwxr-x--- 4 root vboxusers 80 Mai 4 09:09 /dev/vboxusb/
So all users who are in group vboxusers can write to this
sub-directory. I'm sure there are more cases like this...
--
/dev/ is only writable for root and noexec is fairly useless to be
honest, but adding nosuid might be a nice little improvement. /dev/pts
and /dev/shm have restricted mount options as well, after all.
** Changed in: systemd (Ubuntu)
Importance: Undecided => Wishlist
** Changed in: systemd (Ubu
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: lxc (Ubuntu)
Status: New => Confirmed
--
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: systemd (Ubuntu)
Status: New => Confirmed
--
** Information type changed from Private Security to Public Security
--