[lxc-devel] [lxc/master] Unpriv fixups

tych0 on Github lxc-bot at linuxcontainers.org
Fri Jan 26 21:31:08 UTC 2018


From 9650c735c7dd56bb5200b20f85e5b6b0482edb7b Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho at tycho.ws>
Date: Fri, 26 Jan 2018 17:43:12 +0000
Subject: [PATCH 1/2] better check for lock dir

Consider the case where we're running in a user namespace but in the host's
mount ns with the host's filesystem (something like
lxc-usernsexec ... lxc-execute ...); in this case, we'll be euid 0, but we
can't actually write to /run. Let's improve this locking check to make sure
we can actually write to /run before we decide to actually use it as our
locking dir.

Signed-off-by: Tycho Andersen <tycho at tycho.ws>
---
 src/lxc/utils.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 0b8841630..c7812fdac 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -245,8 +245,13 @@ char *get_rundir()
 {
 	char *rundir;
 	const char *homedir;
+	struct stat sb;
+
+	if (stat(RUNTIME_PATH, &sb) < 0) {
+		return NULL;
+	}
 
-	if (geteuid() == 0) {
+	if (geteuid() == sb.st_uid || getegid() == sb.st_gid) {
 		rundir = strdup(RUNTIME_PATH);
 		return rundir;
 	}
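Review bot: the new ownership comparison in get_rundir() does not test writability, which the commit message gives as the goal. `geteuid() == sb.st_uid || getegid() == sb.st_gid` ignores the mode bits in `sb.st_mode`, so a matching group without the group-write bit passes, and a directory that is world-writable but owned by someone else fails. Consider checking the effective permissions directly, e.g. `faccessat(AT_FDCWD, RUNTIME_PATH, W_OK, AT_EACCESS)` (plain access(2) uses the real uid, so the `AT_EACCESS` form is the one that agrees with geteuid()). Separately, the early `return NULL` when stat() fails changes behaviour for every caller: before this patch a missing RUNTIME_PATH simply fell through to the XDG_RUNTIME_DIR / HOME fallback further down, now it is a hard failure, so either fall through on stat() error or state why a missing /run should be fatal. Also confirm utils.c already includes <sys/stat.h> for `struct stat`, since the hunk adds no include.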

From 4fbe33a47b7f280e79b2022326172c1cd5f4385c Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho at tycho.ws>
Date: Fri, 26 Jan 2018 21:21:51 +0000
Subject: [PATCH 2/2] better unprivileged detection

In particular, if we are already in a user namespace we are unprivileged,
and doing things like moving the physical nics back to the host netns won't
work. Let's do the same thing LXD does if euid == 0: inspect
/proc/self/uid_map and see what that says.

Signed-off-by: Tycho Andersen <tycho at tycho.ws>
---
 src/lxc/utils.h | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index f8cf26fbf..eb85871f1 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -427,8 +427,34 @@ extern int lxc_strmunmap(void *addr, size_t length);
 /* initialize rand with urandom */
 extern int randseed(bool);
 
-inline static bool am_unpriv(void) {
-	return geteuid() != 0;
+inline static bool am_unpriv(void)
+{
+	FILE *f;
+	uid_t user, host, count;
+	int ret;
+
+	if (geteuid() != 0)
+		return true;
+
+	/* Now: are we in a user namespace? Because then we're also
+	 * unprivileged.
+	 */
+	f = fopen("/proc/self/uid_map", "r");
+	if (!f) {
+		//SYSERROR("couldn't open uid_map");
+		return false;
+	}
+
+	ret = fscanf(f, "%u %u %u", &user, &host, &count);
+	fclose(f);
+	if (ret != 3) {
+		//ERROR("Wrong number of entries (%d) in uid_map?", ret);
+		return false;
+	}
+
+	if (user != 0 || host != 0 || count != UINT32_MAX)
+		return true;
+	return false;
 }
 
 /*
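Review bot: the error paths in the new am_unpriv() fail open. When /proc/self/uid_map cannot be opened or does not parse, the function returns false, i.e. "privileged", and callers will then attempt host-only operations such as moving physical NICs back to the host netns; returning true on those paths would fail closed, and the commented-out `//SYSERROR(...)` / `//ERROR(...)` lines should either become real logging or be dropped rather than shipped as dead code. One caveat worth a comment next to the `count != UINT32_MAX` test: a process with CAP_SETUID in the initial user namespace can create a child namespace whose map is also `0 0 4294967295`, which this check reports as privileged; that matches the LXD behaviour the commit message cites, but the limit should be stated. Finally, since this is an inline function in utils.h, every includer now needs `FILE`/fscanf, `UINT32_MAX` and geteuid(), so check that <stdio.h>, <stdint.h> and <unistd.h> are included by the header itself.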

