Re: DoS with unprivileged mounts

From: Andy Lutomirski
Date: Wed Aug 14 2013 - 15:26:34 EST

On 08/14/2013 10:42 AM, Miklos Szeredi wrote:
> There's a simple and effective way to prevent unlink(2) and rename(2)
> from operating on any file or directory by simply mounting something
> on it. In any mount instance in any namespace.
> Was this considered in the unprivileged mount design?
> The solution is also theoretically simple: mounts in unpriv namespaces
> are marked "volatile" and are dissolved on an unlink type operation.

I'd actually prefer the reverse: unprivileged mounts don't prevent
unlink and rename. If the dentry goes away, then the mount could still
exist, sans underlying file. (This is already supported on network
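As an added example (not part of this thread or of the kernel code under discussion), one diagnostic check for the situation Miklos describes: when unlink(2) or rename(2) fails with EBUSY on a path, parse /proc/self/mountinfo to find which mount is sitting on that path or beneath it. The mountinfo sample below is constructed; its mount ids and paths are invented.

```python
import os
import re

# Constructed /proc/self/mountinfo sample (not from the page): a root mount,
# /proc, and a file bind-mounted over "/home/user/victim file.txt". mountinfo
# escapes spaces in path fields as \040 (tabs as \011, newlines as \012).
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
97 22 8:1 /tmp/anchor /home/user/victim\\040file.txt rw,relatime shared:1 - ext4 /dev/sda1 rw
98 22 0:45 / /proc rw,nosuid - proc proc rw
"""

_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def unescape(field):
    """Undo the octal escapes the kernel applies to mountinfo path fields."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Yield (mount_id, parent_id, root, mount_point, fstype) per line.

    The optional-fields block (e.g. "shared:1") is variable length, so the
    filesystem type is located relative to the "-" separator, not by index.
    """
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        sep = fields.index("-")
        yield (int(fields[0]), int(fields[1]),
               unescape(fields[3]), unescape(fields[4]), fields[sep + 1])


def mounts_covering(path, text=None):
    """Return ids of mounts whose mount point is `path` or lies beneath it.

    A non-empty result explains an EBUSY from unlink/rename on `path`. With
    text=None the live /proc/self/mountinfo of the calling process is read.
    """
    if text is None:
        with open("/proc/self/mountinfo") as f:
            text = f.read()
    path = os.path.normpath(path)
    prefix = path.rstrip("/") + "/"
    return [mid for mid, _parent, _root, mp, _fs in parse_mountinfo(text)
            if os.path.normpath(mp) == path or os.path.normpath(mp).startswith(prefix)]
```

Note that this only sees mounts visible in the caller's own mount namespace; a mount pinning the dentry from another namespace, which is the case the thread is about, will not appear here.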
