[lxc-devel] [lxcfs/master] bindings: allow getattr on O_WRONLY files

brauner on Github lxc-bot at linuxcontainers.org
Thu Oct 6 23:02:45 UTC 2016


From c1ef53add0130e46dc9904fa80790c0ad78ab27e Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at canonical.com>
Date: Fri, 7 Oct 2016 00:59:53 +0200
Subject: [PATCH] bindings: allow getattr on O_WRONLY files

We should only deny getting the attributes of a file if it neither contains
O_RDONLY permission nor O_WRONLY permissions. Otherwise ls -al will not show
attributes on O_WRONLY files. Such files are quite common under /proc or /sys.

BEFORE:
root at conventiont:~# ls -al /var/lib/lxcfs/cgroup/devices/
ls: cannot access '/var/lib/lxcfs/cgroup/devices/devices.allow': Permission denied
ls: cannot access '/var/lib/lxcfs/cgroup/devices/devices.deny': Permission denied
total 0
drwxr-xr-x 2 root root 0 Oct  7 01:00 .
drwxr-xr-x 2 root root 0 Oct  7 01:00 ..
-rw-r--r-- 1 root root 0 Oct  7 01:00 cgroup.clone_children
-rw-r--r-- 1 root root 0 Oct  7 01:00 cgroup.procs
-r--r--r-- 1 root root 0 Oct  7 01:00 cgroup.sane_behavior
?????????? ? ?    ?    ?            ? devices.allow
?????????? ? ?    ?    ?            ? devices.deny
-r--r--r-- 1 root root 0 Oct  7 01:00 devices.list
drwxr-xr-x 2 root root 0 Oct  7 01:00 init.scope
drwxr-xr-x 2 root root 0 Oct  7 01:00 lxc
-rw-r--r-- 1 root root 0 Oct  7 01:00 notify_on_release
-rw-r--r-- 1 root root 0 Oct  7 01:00 release_agent
drwxr-xr-x 2 root root 0 Oct  7 01:00 system.slice
-rw-r--r-- 1 root root 0 Oct  7 01:00 tasks
drwxr-xr-x 2 root root 0 Oct  7 01:00 user.slice

AFTER:
root at conventiont:~# ls -al /var/lib/lxcfs/cgroup/devices/
total 0
drwxr-xr-x 2 root root 0 Oct  7 01:01 .
drwxr-xr-x 2 root root 0 Oct  7 01:01 ..
-rw-r--r-- 1 root root 0 Oct  7 01:01 cgroup.clone_children
-rw-r--r-- 1 root root 0 Oct  7 01:01 cgroup.procs
-r--r--r-- 1 root root 0 Oct  7 01:01 cgroup.sane_behavior
--w------- 1 root root 0 Oct  7 01:01 devices.allow
--w------- 1 root root 0 Oct  7 01:01 devices.deny
-r--r--r-- 1 root root 0 Oct  7 01:01 devices.list
drwxr-xr-x 2 root root 0 Oct  7 01:01 init.scope
drwxr-xr-x 2 root root 0 Oct  7 01:01 lxc
-rw-r--r-- 1 root root 0 Oct  7 01:01 notify_on_release
-rw-r--r-- 1 root root 0 Oct  7 01:01 release_agent
drwxr-xr-x 2 root root 0 Oct  7 01:01 system.slice
-rw-r--r-- 1 root root 0 Oct  7 01:01 tasks
drwxr-xr-x 2 root root 0 Oct  7 01:01 user.slice

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
---
 bindings.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/bindings.c b/bindings.c
index 2f78ab5..0ae8fcf 100644
--- a/bindings.c
+++ b/bindings.c
@@ -1673,7 +1673,13 @@ int cg_getattr(const char *path, struct stat *sb)
 			ret = -ENOENT;
 			goto out;
 		}
-		if (!fc_may_access(fc, controller, path1, path2, O_RDONLY)) {
+		/* We should only deny getting the attributes of a file if it
+		 * neither contains O_RDONLY permission nor O_WRONLY
+		 * permissions. Otherwise we ls -al will not show attributes on
+		 * O_WRONLY files. Such files are quite common under /proc or
+		 * /sys. */
+		if (!fc_may_access(fc, controller, path1, path2, O_RDONLY) &&
+		    !fc_may_access(fc, controller, path1, path2, O_WRONLY)) {
 			ret = -EACCES;
 			goto out;
 		}
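Review bot: The new condition still ties getattr to read/write permission on the file itself, whereas POSIX stat() requires only search permission on the path's directory components, so a file that grants neither read nor write to the caller (e.g. mode 0000, or a cgroup file the container may not open either way) will still fail with EACCES and show up as "??????????" in ls; if that is intended, the comment should say so rather than presenting O_RDONLY/O_WRONLY as the complete rule. Minor: the comment carries a typo, "Otherwise we ls -al will not show attributes" should read "Otherwise ls -al will not show attributes". Also, the two fc_may_access() calls repeat the same path resolution; if fc_may_access() is not cheap, consider resolving once and checking both modes on the result.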

