Message ID | 1461068980.2435.6.camel@HansenPartnership.com (mailing list archive) |
---|---|
State | New, archived |
Quoting James Bottomley (James.Bottomley@HansenPartnership.com):
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

Thanks, James. Which tree were you thinking this would go in through?

> --- > Documentation/binfmt_misc.txt | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/Documentation/binfmt_misc.txt b/Documentation/binfmt_misc.txt > index 6b1de70..ec83bbc 100644 > --- a/Documentation/binfmt_misc.txt > +++ b/Documentation/binfmt_misc.txt > @@ -66,6 +66,13 @@ Here is what the fields mean: > This feature should be used with care as the interpreter > will run with root permissions when a setuid binary owned by root > is run with binfmt_misc. > + 'F' - fix binary. The usual behaviour of binfmt_misc is to spawn the > + binary lazily when the misc format file is invoked. However, > + this doesn't work very well in the face of mount namespaces and > + changeroots, so the F mode opens the binary as soon as the > + emulation is installed and uses the opened image to spawn the > + emulator, meaning it is always available once installed, > + regardless of how the environment changes. > > > There are some restrictions: > -- > 2.6.6
On Tue, 2016-04-19 at 14:58 -0500, Serge E. Hallyn wrote:
> Quoting James Bottomley (James.Bottomley@HansenPartnership.com):
> > Signed-off-by: James Bottomley <
> > James.Bottomley@HansenPartnership.com>
>
> Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
>
> Thanks, James. Which tree were you thinking this would go in
> through?

I'm happy to become binfmt_misc maintainer (on the grounds that last to touch it gets to keep it) and thus run my own tree, but I talked to Al at LSF/MM and he thinks it can go through the vfs tree.

James

> > --- > > Documentation/binfmt_misc.txt | 7 +++++++ > > 1 file changed, 7 insertions(+) > > > > diff --git a/Documentation/binfmt_misc.txt > > b/Documentation/binfmt_misc.txt > > index 6b1de70..ec83bbc 100644 > > --- a/Documentation/binfmt_misc.txt > > +++ b/Documentation/binfmt_misc.txt > > @@ -66,6 +66,13 @@ Here is what the fields mean: > > This feature should be used with care as the > > interpreter > > will run with root permissions when a setuid binary > > owned by root > > is run with binfmt_misc. > > + 'F' - fix binary. The usual behaviour of binfmt_misc is to > > spawn the > > + binary lazily when the misc format file is > > invoked. However, > > + this doesn't work very well in the face of mount > > namespaces and > > + changeroots, so the F mode opens the binary as soon as > > the > > + emulation is installed and uses the opened image to > > spawn the > > + emulator, meaning it is always available once > > installed, > > + regardless of how the environment changes. > > > > > > There are some restrictions:
diff --git a/Documentation/binfmt_misc.txt b/Documentation/binfmt_misc.txt index 6b1de70..ec83bbc 100644 --- a/Documentation/binfmt_misc.txt +++ b/Documentation/binfmt_misc.txt @@ -66,6 +66,13 @@ Here is what the fields mean: This feature should be used with care as the interpreter will run with root permissions when a setuid binary owned by root is run with binfmt_misc. + 'F' - fix binary. The usual behaviour of binfmt_misc is to spawn the + binary lazily when the misc format file is invoked. However, + this doesn't work very well in the face of mount namespaces and + changeroots, so the F mode opens the binary as soon as the + emulation is installed and uses the opened image to spawn the + emulator, meaning it is always available once installed, + regardless of how the environment changes. There are some restrictions:
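Review bot: In the added 'F' entry, "spawn the binary lazily" and "opens the binary" use "binary" for the interpreter, while the context lines just above it use "interpreter" for the emulator and "binary" for the program being run ("when a setuid binary owned by root is run with binfmt_misc"); use "interpreter" throughout the new text so the two cannot be confused. The entry should also spell out what "uses the opened image" means for an administrator: say in which environment the file is opened (that of whoever installs the emulation) and whether replacing the file at that path afterwards has any effect without installing the emulation again. Because the preceding entry warns that the interpreter can run with root permissions for a setuid binary, a sentence on how F behaves in combination with that flag would let readers judge the exposure when the pinned interpreter is used from other mount namespaces and chroots.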
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> --- Documentation/binfmt_misc.txt | 7 +++++++ 1 file changed, 7 insertions(+)