[lxc-devel] [lxc/lxc] 5a46f2: conf, confile: add option for PR_SET_NO_NEW_PRIVS

GitHub noreply at github.com
Fri Sep 16 01:35:23 UTC 2016


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 5a46f2831ee8444c6146345dd0e0ec2a83e4e761
      https://github.com/lxc/lxc/commit/5a46f2831ee8444c6146345dd0e0ec2a83e4e761
  Author: Christian Brauner <christian.brauner at canonical.com>
  Date:   2016-09-05 (Mon, 05 Sep 2016)

  Changed paths:
    M src/lxc/conf.h
    M src/lxc/confile.c

  Log Message:
  -----------
  conf, confile: add option for PR_SET_NO_NEW_PRIVS

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>


  Commit: 029cdff5822b155245df6355e1a774ceb4f415f7
      https://github.com/lxc/lxc/commit/029cdff5822b155245df6355e1a774ceb4f415f7
  Author: Christian Brauner <christian.brauner at canonical.com>
  Date:   2016-09-05 (Mon, 05 Sep 2016)

  Changed paths:
    M src/lxc/start.c

  Log Message:
  -----------
  start: set PR_SET_NO_NEW_PRIVS when requested

Set no_new_privs after setting the lsm label. If we do set it before we aren't
allowed to change the label anymore.

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>


  Commit: 1325da7eae056474fcb0e7362927d53e29e4ca2f
      https://github.com/lxc/lxc/commit/1325da7eae056474fcb0e7362927d53e29e4ca2f
  Author: Christian Brauner <christian.brauner at canonical.com>
  Date:   2016-09-05 (Mon, 05 Sep 2016)

  Changed paths:
    M src/lxc/attach_options.h

  Log Message:
  -----------
  attach_options: add LXC_ATTACH_NO_NEW_PRIVS

Add a flag for PR_SET_NO_NEW_PRIVS. It is off by default.

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>


  Commit: ff07d7bb5a3e056eb51e5fe259c79d113435eca5
      https://github.com/lxc/lxc/commit/ff07d7bb5a3e056eb51e5fe259c79d113435eca5
  Author: Christian Brauner <christian.brauner at canonical.com>
  Date:   2016-09-05 (Mon, 05 Sep 2016)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  attach: call lxc_container_new() earlier

We will reuse the newly initialized container for PR_SET_NO_NEW_PRIVS.

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>


  Commit: 2e812c16a502b03abe79ee00025de50d1928ad5e
      https://github.com/lxc/lxc/commit/2e812c16a502b03abe79ee00025de50d1928ad5e
  Author: Christian Brauner <christian.brauner at canonical.com>
  Date:   2016-09-05 (Mon, 05 Sep 2016)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  attach: use PR_SET_NO_NEW_PRIVS

- When we detect that the container, we want to attach to, has been stared with
  PR_SET_NO_NEW_PRIVS we attach with PR_SET_NO_NEW_PRIVS as well. (We might
  relax this restriction later but let's be strict for now.)
- When LXC_ATTACH_NO_NEW_PRIVS is set in the flags passed to
  lxc_attach()/attach_child_main() then we set PR_SET_NO_NEW_PRIVS irrespective
  of whether the container was started with PR_SET_NO_NEW_PRIVS or not.
- Set no_new_privs before lsm and seccomp. We probably don't want attach() to
  be able to change the lsm or seccomp policy if the container was started with
  PR_SET_NO_NEW_PRIVS enabled.

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>


  Commit: 222ddc91a818cba50fe23c5166f7662d3da84622
      https://github.com/lxc/lxc/commit/222ddc91a818cba50fe23c5166f7662d3da84622
  Author: Christian Brauner <christian.brauner at canonical.com>
  Date:   2016-09-05 (Mon, 05 Sep 2016)

  Changed paths:
    M doc/lxc.container.conf.sgml.in

  Log Message:
  -----------
  doc: add lxc.no_new_privs to lxc.container.conf

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>


  Commit: 955e2a0237c7d914fc7561018ebff4970a8b12df
      https://github.com/lxc/lxc/commit/955e2a0237c7d914fc7561018ebff4970a8b12df
  Author: Christian Brauner <christian.brauner at canonical.com>
  Date:   2016-09-06 (Tue, 06 Sep 2016)

  Changed paths:
    M configure.ac
    M src/lxc/attach.c
    M src/lxc/start.c

  Log Message:
  -----------
  attach, start: declare PR_{S,G}PR_GET_NO_NEW_PRIVS

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>


  Commit: bca94305afabaa7c115d7732844230435b766169
      https://github.com/lxc/lxc/commit/bca94305afabaa7c115d7732844230435b766169
  Author: Christian Brauner <christian.brauner at canonical.com>
  Date:   2016-09-06 (Tue, 06 Sep 2016)

  Changed paths:
    M src/tests/Makefile.am
    A src/tests/lxc-test-no-new-privs

  Log Message:
  -----------
  tests: add test for PR_SET_NO_NEW_PRIVS

Signed-off-by: Christian Brauner <christian.brauner at canonical.com>


  Commit: a307c271461c68ca8987fbde74e54ca4b4f57b28
      https://github.com/lxc/lxc/commit/a307c271461c68ca8987fbde74e54ca4b4f57b28
  Author: Serge Hallyn <serge at hallyn.com>
  Date:   2016-09-15 (Thu, 15 Sep 2016)

  Changed paths:
    M configure.ac
    M doc/lxc.container.conf.sgml.in
    M src/lxc/attach.c
    M src/lxc/attach_options.h
    M src/lxc/conf.h
    M src/lxc/confile.c
    M src/lxc/start.c
    M src/tests/Makefile.am
    A src/tests/lxc-test-no-new-privs

  Log Message:
  -----------
  Merge pull request #1166 from brauner/2016-09-02/no_new_privileges

implement PR_SET_NO_NEW_PRIVS in liblxc


Compare: https://github.com/lxc/lxc/compare/18000bb3a3cd...a307c271461c


More information about the lxc-devel mailing list