On Fri, Aug 21, 2015 at 01:50:31PM +0300, Mantas Mikulėnas wrote: > On Fri, Aug 21, 2015 at 1:43 PM, Dominick Grift <[email protected]> > wrote: > > > On Fri, Aug 21, 2015 at 01:38:28PM +0300, Mantas Mikulėnas wrote: > > > > > > > > Do they have access to `cat /proc/self/mounts`? > > > > Ouch yes... ok that is a dead end i suppose > > > Right. That was my point. Restricting individual commands like `mount` is > no good if you can't restrict the actual mechanism they all use… > > Mount namespaces might help here, as long as you don't use udisks/udisks2 > (which, aside from leaking the same information, wouldn't even function > correctly with per-user namespaces). > > [Though I don't really understand the point of hiding logged-in UIDs at > all... Isn't hidepid=2 enough?]
Yes i agree. it is pretty solid. I suppose i wanted to see how far i could do. This is obviously a no-go > > -- > Mantas Mikulėnas <[email protected]> -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift
pgpGlig2uBZlY.pgp
Description: PGP signature
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
