Namespace for binfmt?
binfmt_misc (miscellaneous binary formats) is a kernel module which supports the specification of userspace interpreters for binaries executed by userspace. By specifying an invalid binfmt for ELF, it is possible for a confused chroot or package to destroy the ability of the host to execute any binaries.
By introducing a namespace for binfmts, a chroot could be prevented from changing the binary formats usable on the host.
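Until such a namespace exists, a host can at least detect the condition. The following is an added example, not part of the blueprint: it parses binfmt_misc entry files and reports any enabled entry whose magic/mask would claim the host's own ELF binaries. The sample entries and the ELF header bytes are constructed, and the host is assumed to be amd64.

```python
import os

# Constructed sample: first 20 bytes of a native amd64 ELF header
# (64-bit, little-endian, ET_EXEC, EM_X86_64).
AMD64_ELF = bytes.fromhex("7f454c4602010100000000000000000002003e00")

# Constructed entry texts in the layout of /proc/sys/fs/binfmt_misc/<name>.
SAMPLE = {
    "qemu-arm": "enabled\ninterpreter /usr/bin/qemu-arm-static\nflags: OC\noffset 0\n"
                "magic 7f454c4601010100000000000000000002002800\n"
                "mask ffffffffffffff00fffffffffffffffffeffffff\n",
    "qemu-x86_64": "enabled\ninterpreter /usr/bin/qemu-x86_64-static\nflags: OC\noffset 0\n"
                   "magic 7f454c4602010100000000000000000002003e00\n"
                   "mask fffffffffffefe00fffffffffffffffffeffffff\n",
}

def parse_entry(text):
    """Parse one binfmt_misc entry file into a dict."""
    e = {"enabled": False, "interpreter": "", "offset": 0, "magic": b"", "mask": None}
    for line in text.splitlines():
        key, _, val = line.strip().partition(" ")
        if key == "enabled":
            e["enabled"] = True
        elif key == "interpreter":
            e["interpreter"] = val
        elif key == "offset":
            e["offset"] = int(val)
        elif key in ("magic", "mask"):
            e[key] = bytes.fromhex(val)
    return e

def captures(e, header):
    """True if an enabled magic entry would claim a file starting with header."""
    magic, off = e["magic"], e["offset"]
    window = header[off:off + len(magic)]
    if not e["enabled"] or not magic or len(window) < len(magic):
        return False
    mask = e["mask"] or b"\xff" * len(magic)
    # Kernel rule: a file matches when (data XOR magic) AND mask is zero.
    return all(((d ^ m) & k) == 0 for d, m, k in zip(window, magic, mask))

def audit(entries, header=AMD64_ELF):
    """Names of entries that would hand native binaries to an interpreter."""
    return sorted(n for n, t in entries.items() if captures(parse_entry(t), header))

def read_host(root="/proc/sys/fs/binfmt_misc"):
    """Read live entries; empty dict if binfmt_misc is not mounted."""
    if not os.path.isdir(root):
        return {}
    names = [n for n in os.listdir(root) if n not in ("register", "status")]
    return {n: open(os.path.join(root, n)).read() for n in names}
```

Running `audit(read_host())` on an amd64 host lists any registered format that would intercept native executables; an empty list means none does.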
Blueprint information
- Status: Not started
- Approver: Dave Walker
- Priority: Medium
- Drafter: Ubuntu Server
- Direction: Approved
- Assignee: Serge Hallyn
- Definition: Approved
- Series goal: Accepted for raring
- Implementation: Deferred
- Milestone target: ubuntu-13.04-feature-freeze
- Started by
- Completed by
Whiteboard
User Stories:
Aboo installs qemu-user-
now unable to execute any amd64 elf binaries including sync and
poweroff.
Risks:
Upstream (kernel) rejects the idea.
Test Plans:
* Install
* qemu-user-
* qemu-user-
* Run full ltp, qemu, libvirt, and lxc testsuites on any proposed kernel change.
Release Note:
Notes:
* related bug: http://
* I don't seem able to make qemu-user-static in an i386 chroot on amd64
hot break the host in raring. (In precise I can.) Therefore I removed the
work item for adding a check for that condition to qemu-user-
Work Items
Work items:
[cjwatson] write a formal userspace rationale for binfmt namespace: POSTPONED
[smb] (or serge-hallyn) consider querying about a -o newinstance mount option to binfmt_misc filesystem (problem is how to tie that to task doing exec): POSTPONED
[serge-hallyn] talk to stefan-
[smb] consider implementing binfmt namespace: POSTPONED