[lxc-devel] [lxc/master] Unpriv fixups
tych0 on Github
lxc-bot at linuxcontainers.org
Fri Jan 26 21:31:08 UTC 2018
From 9650c735c7dd56bb5200b20f85e5b6b0482edb7b Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho at tycho.ws>
Date: Fri, 26 Jan 2018 17:43:12 +0000
Subject: [PATCH 1/2] better check for lock dir
Consider the case where we're running in a user namespace but in the host's
mount ns with the host's filesystem (something like
lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we
can't actually write to /run. Let's improve this locking check to make sure
we can actually write to /run before we decide to actually use it as our
locking dir.
Signed-off-by: Tycho Andersen <tycho at tycho.ws>
---
src/lxc/utils.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 0b8841630..c7812fdac 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -245,8 +245,13 @@ char *get_rundir()
{
char *rundir;
const char *homedir;
+ struct stat sb;
+
+ if (stat(RUNTIME_PATH, &sb) < 0) {
+ return NULL;
+ }
- if (geteuid() == 0) {
+ if (geteuid() == sb.st_uid || getegid() == sb.st_gid) {
rundir = strdup(RUNTIME_PATH);
return rundir;
}
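Review bot: The new condition `geteuid() == sb.st_uid || getegid() == sb.st_gid` tests ownership, not writability, so it does not yet do what the commit message asks for ("make sure we can actually write to /run"). A matching gid selects RUNTIME_PATH even when the directory's mode has no group write bit, and a process that can write to the directory without owning it is passed over. Consider testing writability directly, for example with faccessat(AT_FDCWD, RUNTIME_PATH, W_OK, AT_EACCESS) so the effective ids are used, or at least checking the write bits in sb.st_mode alongside the id match. Separately, the `return NULL` on stat() failure sits ahead of the branch, so it applies to every caller of get_rundir(), not only those that would have chosen RUNTIME_PATH; falling through to the code after the branch may be the better behaviour when RUNTIME_PATH is missing.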
From 4fbe33a47b7f280e79b2022326172c1cd5f4385c Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho at tycho.ws>
Date: Fri, 26 Jan 2018 21:21:51 +0000
Subject: [PATCH 2/2] better unprivileged detection
In particular, if we are already in a user namespace we are unprivileged,
and doing things like moving the physical nics back to the host netns won't
work. Let's do the same thing LXD does if euid == 0: inspect
/proc/self/uid_map and see what that says.
Signed-off-by: Tycho Andersen <tycho at tycho.ws>
---
src/lxc/utils.h | 30 ++++++++++++++++++++++++++++--
1 file changed, 28 insertions(+), 2 deletions(-)
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index f8cf26fbf..eb85871f1 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -427,8 +427,34 @@ extern int lxc_strmunmap(void *addr, size_t length);
/* initialize rand with urandom */
extern int randseed(bool);
-inline static bool am_unpriv(void) {
- return geteuid() != 0;
+inline static bool am_unpriv(void)
+{
+ FILE *f;
+ uid_t user, host, count;
+ int ret;
+
+ if (geteuid() != 0)
+ return true;
+
+ /* Now: are we in a user namespace? Because then we're also
+ * unprivileged.
+ */
+ f = fopen("/proc/self/uid_map", "r");
+ if (!f) {
+ //SYSERROR("couldn't open uid_map");
+ return false;
+ }
+
+ ret = fscanf(f, "%u %u %u", &user, &host, &count);
+ fclose(f);
+ if (ret != 3) {
+ //ERROR("Wrong number of entries (%d) in uid_map?", ret);
+ return false;
+ }
+
+ if (user != 0 || host != 0 || count != UINT32_MAX)
+ return true;
+ return false;
}
/*
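Review bot: Both error paths in the new am_unpriv(), `if (!f)` and `if (ret != 3)`, return false, which reports the process as privileged whenever /proc/self/uid_map cannot be opened or parsed, and the only diagnostics are commented out with `//`. Please make that choice explicit in a comment (or return true if unprivileged is the safer assumption for callers) and either enable the log calls or drop the dead lines. Also, `user`, `host` and `count` are declared uid_t but read with `%u` and compared against UINT32_MAX; declaring them unsigned int, or uint32_t read with SCNu32, keeps the fscanf format and the comparison type-correct. Since this is a static inline in utils.h that opens a file on every call made with euid 0, it may be worth moving the body to utils.c.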