
Bug#1034485: os-prober expects to run in a new private mount namespace, but new namespace is not private



Package: os-prober
Version: 1.81
Severity: normal

Dear Maintainer,

During execution of os-prober, other processes on the system can see the
temporary mounts to /var/lib/os-prober/mount even though os-prober runs
in a separate mount namespace.

In order to run os-prober in a more isolated mode, we introduced the
newns.c source file a while ago. We build it to a binary and ship it in
os-prober and os-prober-udeb.

The original idea was to run os-prober in a private mount namespace.
Sadly, calling the unshare(CLONE_NEWNS) system call is only enough to
create a new mount namespace. But it is not enough to make the new
namespace private.

While we can patch newns.c to make the new mount namespace private,
relying on unshare(1) from util-linux (which is an essential package)
seems like a more viable option.

I will open a PR with a potential fix.

Thanks,
Olivier

See also:

https://github.com/util-linux/util-linux/commit/f0f22e9c6f109f8c1234caa3173368ef43b023eb

-- System Information:
Debian Release: bookworm/sid
  APT prefers lunar
  APT policy: (500, 'lunar')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-16-generic (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages os-prober depends on:
ii  grub-common  2.06-2ubuntu16
ii  libc6        2.37-0ubuntu2
ii  mount        2.38.1-4ubuntu1

os-prober recommends no packages.

os-prober suggests no packages.

-- no debconf information
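
The change to newns.c that the report mentions as one option, as an added example (not the os-prober source and not code from this report): after `unshare(CLONE_NEWNS)` the new namespace still inherits the propagation type of each mount, so mounts marked shared (as `/` is under systemd) keep propagating until they are remounted `MS_REC | MS_PRIVATE`. The function names are assumptions made here; the `shared:N` check reads the optional fields of `/proc/self/mountinfo` to confirm the result.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>

/* 1 if a mountinfo line carries a "shared:N" optional field, 0 if it does
 * not, -1 if the "-" separator after field 6 is never found (malformed). */
int mountinfo_line_is_shared(const char *line)
{
    const char *p = line;
    for (int field = 1; *p; field++) {
        size_t len = strcspn(p, " \n");
        if (field > 6) {                      /* optional fields start at 7 */
            if (len == 1 && *p == '-') return 0;
            if (len > 7 && strncmp(p, "shared:", 7) == 0) return 1;
        }
        p += len;
        if (*p != ' ') break;
        p++;
    }
    return -1;
}

/* Number of shared mounts listed in a mountinfo file, or -1 on error. */
int count_shared_mounts(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f) return -1;
    char *line = NULL; size_t cap = 0; int n = 0;
    while (getline(&line, &cap, f) != -1)
        if (mountinfo_line_is_shared(line) == 1) n++;
    free(line);
    fclose(f);
    return n;
}

/* New mount namespace, then every mount made private. Needs CAP_SYS_ADMIN. */
int enter_private_mount_ns(void)
{
    if (unshare(CLONE_NEWNS) == -1) return -1;
    return mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL);
}

int main(void)
{
    printf("shared before: %d\n", count_shared_mounts("/proc/self/mountinfo"));
    if (enter_private_mount_ns() == -1) { perror("enter_private_mount_ns"); return 1; }
    printf("shared after:  %d\n", count_shared_mounts("/proc/self/mountinfo"));
    return 0;
}
```

Run as root, the second count should be 0; dropping the `mount()` call leaves it equal to the first.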

