rootfs: always pivot_root(2) and treat --no-pivot as a fallback
Despite the hardenings we've added to the MS_MOVE+chroot dance over the years like commit 28a697c ("rootfs: umount all procfs and sysfs with --no-pivot"), --no-pivot is fundamentally insecure and the primary reason why people use it (to run containers from initramfs) can now be done safely with pivot_root(2).

So we should always try to pivot_root(2) and give a warning to the user that their configuration is insecure if we have to use the --no-pivot fallback (users should not see this message in practice, because the primary users that couldn't use pivot_root(2) now can and will transparently use it if possible).

Signed-off-by: Aleksa Sarai <[email protected]>