On Thu, 20.11.14 14:48, Martin Pitt ([email protected]) wrote:

> > Sounds reasonable. But first, can you elaborate on the reason for 0700
> > rather than 0755?
>
> Mostly so that users on the host can't call suid root binaries in the
> container. If containers are restricted with selinux/apparmor or
> started as user (both happen in Ubuntu for LXC, for example) this
> would open a way to escalate root privs in a container into root privs
> on the host. https://launchpad.net/bugs/1244635 has the
> details/history of this.
>
> I know that upstream systemd doesn't ship AppArmor/SELinux profiles,
> and thus your stance is that containers are inherently insecure. So if
> you aren't convinced by the calling of suid root binaries, 0755 is
> also ok for upstream, or we just skip this part entirely (it's really
> just a small detail, after all).
>
> Patch attached.
OK, applied. Thanks.

> diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c > index c2311b3..5a80cf2 100644 > --- a/src/nspawn/nspawn.c > +++ b/src/nspawn/nspawn.c > @@ -124,6 +124,7 @@ static bool arg_private_network = false; > static bool arg_read_only = false; > static bool arg_boot = false; > static LinkJournal arg_link_journal = LINK_AUTO; > +static bool link_journal_try = false;

So far we prefixed all variables parsed from command line arguments with "arg_", please follow the same scheme for this.

Otherwise looks great!

Lennart

--
Lennart Poettering, Red Hat

_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
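Review bot: beyond the missing "arg_" prefix, the new `static bool link_journal_try = false;` is declared right next to `static LinkJournal arg_link_journal = LINK_AUTO;`, so the link-journal mode is now split between an enum and a separate bool that a reader of the rest of nspawn.c has to keep in sync. Consider expressing the "try" behaviour as an additional `LinkJournal` value, or at least add a short comment at the declaration stating how `link_journal_try` interacts with `arg_link_journal`, so the mode is a single, self-describing state.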
