Date: Wed, 10 Feb 2021 07:04:03 +0100
From: Lucas Nussbaum
To: 46292@debbugs.gnu.org
Subject: more info

Hi,

This is not due to NFS, but due to the fact that the NFS mount is mounted nosuid (and nodev, probably). I can reproduce it on a local filesystem mounted nosuid.

It seems that, when remounting a bind mount which is originally nosuid inside a mount ns, you need to specify explicitly the nosuid option, or else can_change_locked_flags()[1] will return false.

[1] https://github.com/torvalds/linux/blame/master/fs/namespace.c#L2480

There's a concept of "locked mount flags" that cannot be cleared by a less privileged user (see [2]). Our call to 'mount -o remount' ignores the fact that the filesystem is mounted nosuid (and does not include this flag), so the remount call tries to remove nosuid, and fails.

[2] https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705

This probably needs to be fixed in Guix by fetching the current mount flags and including them in the bind+remount+readonly call. Unfortunately I did not find an easy way to convert mount flags in /proc/$$/mountinfo to flags for the mount syscall...

Lucas
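
An added example, not part of the original message and not Guix code: one way to do the conversion the message describes, mapping the per-mount options of a mountinfo line to mount(2) flags so that a bind+remount+read-only call keeps flags such as nosuid instead of trying to clear them. The function names and the sample mountinfo text are constructed for illustration; the MS_* values are those defined in the kernel's <linux/mount.h>.

```python
import re

# MS_* values as defined in the kernel's <linux/mount.h>.
MS_RDONLY, MS_NOSUID, MS_NODEV, MS_NOEXEC = 0x1, 0x2, 0x4, 0x8
MS_REMOUNT, MS_BIND = 0x20, 0x1000
MS_NOATIME, MS_NODIRATIME, MS_RELATIME = 0x400, 0x800, 0x200000

# Per-mount options (field 6 of a mountinfo line) and their mount(2) flag.
OPTION_FLAGS = {
    "ro": MS_RDONLY, "nosuid": MS_NOSUID, "nodev": MS_NODEV,
    "noexec": MS_NOEXEC, "noatime": MS_NOATIME,
    "nodiratime": MS_NODIRATIME, "relatime": MS_RELATIME,
}

# Constructed sample of /proc/self/mountinfo content (not from the report).
SAMPLE = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
57 22 8:17 / /srv/nosuid-fs rw,nosuid,nodev,relatime shared:30 - ext4 /dev/sdb1 rw
61 22 0:45 / /mnt/my\\040data rw,nosuid,noexec,noatime - tmpfs tmpfs rw
"""

def unescape(field):
    """Decode the octal escapes (\\040 for space, etc.) used in mountinfo."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def mount_flags(mountinfo_text, mount_point):
    """Return the MS_* flags set on mount_point, or None if it is not listed."""
    found = None
    for line in mountinfo_text.splitlines():
        fields = line.split(" ")
        if len(fields) < 7 or unescape(fields[4]) != mount_point:
            continue
        flags = 0
        for option in fields[5].split(","):
            flags |= OPTION_FLAGS.get(option, 0)  # "rw" and unknowns add nothing
        found = flags  # a later line for the same path is the mount on top
    return found

def readonly_remount_flags(mountinfo_text, mount_point):
    """Flags for a read-only bind remount that keeps the existing flags."""
    current = mount_flags(mountinfo_text, mount_point)
    if current is None:
        raise LookupError("not a mount point: " + mount_point)
    return MS_BIND | MS_REMOUNT | MS_RDONLY | current

if __name__ == "__main__":
    print(hex(readonly_remount_flags(SAMPLE, "/srv/nosuid-fs")))
```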