linux - Bind mount not visible when created from a CGI script in Apache -


my application allows user bind mount source directory target mount point. working correctly except mount not exist outside process corrected it.

i have boiled down issue simple script. 

#!/bin/bash echo "content-type: text/html" echo "" echo ""  echo "<p>hello</p>"  echo "<p>results pid #{$$}:</p>" echo "<ul>"   c="sudo mkdir /shares/target"   echo "<li>executed '$c', results: " $(eval $c) "</li>"    c="sudo mount --bind /root/source /shares/target"   echo "<li>executed '$c', results: " $(eval $c) "</li>"    c="sudo mount | grep shares"   echo "<li>executed '$c', results: " $(eval $c) "</li>"    c="sudo cat /proc/mounts | grep shares"   echo "<li>executed '$c', results: " $(eval $c) "</li>" echo "</ul>"

the first 2 commands create mount point , execute mount. last 2 commands verify result. script executes without issue. however, mount not visible or available in separate shell process. executing last 2 commands in separate shell not show mount being available. if attempt execute "rm -rf /shares/target" "rm: cannot remove '/shares/target/': device or resource busy”. executing "losf | grep /shares/target" generates no output. in seperate shell have switch apache user mount still not available. have verified apache process not in chroot logging output of "ls /proc/$$/root". points "/".

i running:

  • apache 2.4.6
  • centos 7
  • httpd-2.4.6-31.el7.centos.1.x86_64
  • httpd-tools-2.4.6-31.el7.centos.1.x86_64

i turned logging debug error_log indicates nothing.

thanks in advance.

this behavior due following line in httpd.service systemd unit:

privatetmp=true

from systemd.exec(5) man page:

   privatetmp=        takes boolean argument. if true, sets new file        system namespace executed processes , mounts        private /tmp , /var/tmp directories inside not        shared processes outside of namespace.        [...]        note using setting disconnect propagation of        mounts service host (propagation in        opposite direction continues work). means        setting may not used services shall able        install mount points in main mount namespace.

in other words, mounts made httpd , child processes not visible other processes on host.

the privatetmp directive useful security perspective, described here:

/tmp traditionally has been shared space local services , users. on years has been major source of security problems multitude of services. symlink attacks , dos vulnerabilities due guessable /tmp temporary files common. isolating service's /tmp rest of host, such vulnerabilities become moot.

you can safely remove privatetmp directive unit file (well, don't modify unit file -- create new 1 @ /etc/systemd/system/httpd.service, systemctl daemon-reload, systemctl restart httpd).


Comments

Post a Comment

Popular posts from this blog

1111. appearing after print sequence - php -

morning, i have code takes string of shoe sizes, explodes , puts in table. code works , info displayed correctly on page after table there few 1's after table. i'm confused this. so table looks (in columns of 3 on webpage) available in following sizes: 3 4 5 6 9 10 111 here's codes, purpose of example $x = 3|4|6|10|9 function get_sizes_pipe($x) { $counter = 0; $splits = explode("|",$x); asort($splits); $x = print "<table class='greentable'>"; $x .= print "<thead><tr><th scope='col' colspan='3' abbr='starter'>available in following sizes:</th></tr></thead><tbody><tr>"; foreach ($splits $split) { $entry = print "<td>".$split."</td>"; if($counter == 2){ $entry .= print "</tr><tr>"; $counter =0; } else { $counter++; ...
Read more

java - WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/board/] in DispatcherServlet with name 'appServlet' -

this question has answer here: why spring mvc respond 404 , report “no mapping found http request uri […] in dispatcherservlet”? 3 answers i trying making simple bbs i'm encountering following error, warn : org.springframework.web.servlet.pagenotfound - no mapping found http request uri [/board/] in dispatcherservlet name 'appservlet' i have tried solve error many times, have failed. how can solve error? here web.xml, controllerand , servlet-context. my web.xml <?xml version="1.0" encoding="utf-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <filter> <filter-nam...
Read more

Ruby on Rails, ActiveRecord, Postgres, UTF-8 and ASCII-8BIT encodings -

weirdest error, who’s challenge try , me? spent hours yesterday on , it’s magic. can't believe happening , it's driving me crazy. btw, using: rails 4.2.3 ruby 2.2.3 pg 0.18 encoding.default_internal = encoding.default_external = utf-8 config.encoding = 'utf-8' it has postgres, activerecord , encodings! turns out we’ve been getting these errors whenever create new users on database special characters: encoding::undefinedconversionerror: "\xc3" ascii-8bit utf-8 \xc3 may vary depending on characters. weird part we’ve set since beginning utf-8. makes no sense , digged it, , used script: user.all.each |user| user.attributes.each |name, value| if value.is_a? string puts user.email + name.encoding.to_s + value.encoding.to_s end end end and output of 1 of users, users same: dr_lottahelp@blahblah.comutf-8utf-8 dr_lottahelp@blahblah.comutf-8ascii-8bit dr_lottahelp@blahblah.comutf-8ascii-8bit dr_lottahelp@blahblah.comutf-8asci...
Read more