mirror of
https://github.com/moby/moby.git
synced 2022-11-09 12:21:53 -05:00
92e45b81e0
libdm currently has a fairly substantial DoS bug that makes certain operations fail on a libdm device if the device has active references through mountpoints. This is a significant problem with the advent of mount namespaces and MS_PRIVATE, and can cause certain --volume mounts to cause libdm to no longer be able to remove containers: % docker run -d --name testA busybox top % docker run -d --name testB -v /var/lib/docker:/docker busybox top % docker rm -f testA [fails on libdm with dm_task_run errors.] This also solves the problem of unprivileged users being able to DoS docker by using unprivileged mount namespaces to preseve mounts that Docker has dropped. Signed-off-by: Aleksa Sarai <asarai@suse.de> |
||
|---|---|---|
| .. | ||
| aufs | ||
| btrfs | ||
| devmapper | ||
| graphtest | ||
| lcow | ||
| overlay | ||
| overlay2 | ||
| overlayutils | ||
| quota | ||
| register | ||
| vfs | ||
| windows | ||
| zfs | ||
| counter.go | ||
| driver.go | ||
| driver_freebsd.go | ||
| driver_linux.go | ||
| driver_solaris.go | ||
| driver_unsupported.go | ||
| driver_windows.go | ||
| fsdiff.go | ||
| plugin.go | ||
| proxy.go | ||