[1.2] dmz: overlay: minor fixups #4530

Merged
merged 4 commits into from
Nov 15, 2024

Commits on Nov 15, 2024

  1. dmz: overlay: set xino=off to disable dmesg spam

    If /run/runc and /usr/bin are on different filesystems, overlayfs may
    enable the xino feature which results in the following log message:
    
      kernel: overlayfs: "xino" feature enabled using 3 upper inode bits.
    
    Each time we have to protect /proc/self/exe. So disable xino to remove
    the log message (we don't care about the inode numbers of the files
    anyway).
    
    Signed-off-by: Aleksa Sarai <[email protected]>
    (cherry picked from commit 9bc42d6)
    Signed-off-by: lfbzhm <[email protected]>
    cyphar authored and kolyshkin committed Nov 15, 2024
    Commit b1f733b
  2. memfd-bind: mention that overlayfs obviates the need for it

    Signed-off-by: Aleksa Sarai <[email protected]>
    (cherry picked from commit aa505bf)
    Signed-off-by: lfbzhm <[email protected]>
    cyphar authored and kolyshkin committed Nov 15, 2024
    Commit 2421b59
  3. readme: drop unused memfd-bind reference

    Fixes: 871057d ("drop runc-dmz solution according to overlay solution")
    Signed-off-by: Aleksa Sarai <[email protected]>
    (cherry picked from commit b9dfb22)
    Signed-off-by: lfbzhm <[email protected]>
    cyphar authored and kolyshkin committed Nov 15, 2024
    Commit 82f3af8
  4. memfd-bind: elaborate kernel requirements for overlayfs protection

    Arguably these docs should live elsewhere (especially if we plan to
    remove memfd-bind in the future), but for now this is the only place
    that fully explains this issue.
    
    Suggested-by: Rodrigo Campos <[email protected]>
    Signed-off-by: Aleksa Sarai <[email protected]>
    (cherry picked from commit ac43589)
    Signed-off-by: lfbzhm <[email protected]>
    cyphar authored and kolyshkin committed Nov 15, 2024
    Commit eb676de