On Fri, Apr 26, 2024 at 12:38:17PM -0700, Kees Cook wrote:
> On Fri, Apr 26, 2024 at 07:22:49PM +0200, Mickaël Salaün wrote:
> > According to the test environment, the mount point of the test's working directory may be shared or not, which changes the visibility of the nested "tmp" mount point for the test's parent process calling umount("tmp").
> > This was spotted while running tests on different Linux distributions, with different mount point configurations.
>
> Which distros did what?
Actually it's not related to distros, but rather to container runtime (Docker) vs. non-container environment. With Docker (at least in my environment) all mount points are private, which is not the case (by default) when running the same UML environment not in a container. See https://github.com/landlock-lsm/landlock-test-tools/pull/4
I'll update the description.
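
The shared-versus-private difference discussed in this thread can be checked from /proc/self/mountinfo, where a shared mount carries a "shared:N" optional field and a private one carries none. The following is an added example, not part of the original mail or of the Landlock selftests; the function name, flag names and the two sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Propagation flags decoded from the optional fields of a mountinfo line. */
enum { PROP_PRIVATE = 0, PROP_SHARED = 1, PROP_SLAVE = 2, PROP_UNBINDABLE = 4 };

/*
 * Parse one mountinfo line: copy the mount point (field 5) into mnt and
 * return the PROP_* flags, or -1 when the "-" separator is missing.
 * Spaces inside paths are octal-escaped by the kernel, so splitting on ' ' is safe.
 */
static int mount_propagation(const char *line, char *mnt, size_t mntlen)
{
	int field = 0, flags = PROP_PRIVATE;

	while (*line) {
		size_t len = strcspn(line, " \n");
		if (len) {
			field++;
			if (field == 5) {
				snprintf(mnt, mntlen, "%.*s", (int)len, line);
			} else if (field > 6) {
				/* Optional fields run from field 7 up to "-". */
				if (len == 1 && *line == '-')
					return flags;
				if (!strncmp(line, "shared:", 7))
					flags |= PROP_SHARED;
				else if (!strncmp(line, "master:", 7))
					flags |= PROP_SLAVE;
				else if (len == 10 && !strncmp(line, "unbindable", 10))
					flags |= PROP_UNBINDABLE;
			}
		}
		line += len;
		if (*line)
			line++;
	}
	return -1;
}

/* Constructed sample lines, not captured from a real system. */
static const char SAMPLE_SHARED[] = "30 25 0:27 / /tmp rw shared:12 - tmpfs tmpfs rw\n";
static const char SAMPLE_PRIVATE[] = "412 380 0:58 / /tmp rw - tmpfs tmpfs rw\n";

int main(void)
{
	char mnt[256];
	int p = mount_propagation(SAMPLE_SHARED, mnt, sizeof(mnt));

	printf("%s is %s\n", mnt, (p > 0 && (p & PROP_SHARED)) ? "shared" : "not shared");
	return 0;
}
```

Feeding it the lines of /proc/self/mountinfo from inside and outside the container shows which propagation type the test's working directory mount has in each environment.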