Package: util-linux
Version: 2.33.1-0.1
Severity: normal

Dear Maintainer,

   * What led up to the situation?

I tried using unshare and nsenter with the pid (and mount) persistent 
namespaces.
So I created new namespaces using unshare and tried to enter them using nsenter.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Providing nsenter with the same persistent PID namespace file did not result in 
entering the same PID namespace.

console #1

 ~ # mount --make-private /
 ~ # touch /tmp/test-{pid,mnt}
 ~ # unshare --pid=/tmp/test-pid --mount=/tmp/test-mnt --fork --mount-proc
 ~ # ps faxu
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  1.0  0.0   9652  4876 pts/7    S    23:22   0:00 -bash
root         8  0.0  0.0  12156  3144 pts/7    R+   23:22   0:00 ps faxu
 ~ # mount
[all host mounts repeated here]
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
 ~ #

   * What was the outcome of this action?

console #2 (with console #1 still open)

 ~ # nsenter --mount=/tmp/test-mnt --pid=/tmp/test-pid
 / # ps faxu
Error, do this: mount -t proc proc /proc
 / # mount
  mount: failed to read mtab: Datei oder Verzeichnis nicht gefunden

console #3 (with console #1 + #2 still open)

~ # lsns --output-all -u
        NS TYPE   PATH               NPROCS   PID  PPID COMMAND                                                                                UID USER    NETNSID NSFS
4026531835 cgroup /proc/1/ns/cgroup     420     1     0 /sbin/init noibrs noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root
4026531836 pid    /proc/1/ns/pid        419     1     0 /sbin/init noibrs noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root            /tmp/test-pid
4026531837 user   /proc/1/ns/user       420     1     0 /sbin/init noibrs noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root
4026531838 uts    /proc/1/ns/uts        420     1     0 /sbin/init noibrs noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root
4026531839 ipc    /proc/1/ns/ipc        420     1     0 /sbin/init noibrs noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root
4026531840 mnt    /proc/1/ns/mnt        395     1     0 /sbin/init noibrs noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root
4026531860 mnt    /proc/50/ns/mnt         1    50     2 kdevtmpfs                                                                                0 root
4026532000 net    /proc/1/ns/net        420     1     0 /sbin/init noibrs noibpb nopti nospectre_v2 nospec_store_bypass_disable no_stf_barrier   0 root unassigned
4026532199 mnt    /proc/436/ns/mnt        1   436     1 /lib/systemd/systemd-udevd                                                               0 root
4026532209 mnt    /proc/718/ns/mnt        1   718     1 /usr/sbin/irqbalance --foreground                                                        0 root
4026532361 mnt    /proc/17407/ns/mnt      4 17407 15596 unshare --pid=/tmp/test-pid --mount=/tmp/test-mnt --fork --mount-proc                    0 root            /tmp/test-mnt
4026532362 pid    /proc/17409/ns/pid      1 17409 17407 -bash                                                                                    0 root

~ # ps faxu
[excerpt]
root     17407  0.0  0.0   6772   756 pts/7    S    23:22   0:00  |           \_ unshare --pid=/tmp/test-pid --mount=/tmp/test-mnt --fork --mount-proc
root     17409  0.0  0.0   9652  4876 pts/7    S+   23:22   0:00  |               \_ -bash

   * What outcome did you expect instead?

I expected nsenter to join the pid namespace given.
I expected /tmp/test-pid to not share the PID namespace with /init but instead 
with PID 17409.

This is probably due to the PID namespace not affecting the unshare main 
process after the unshare syscall, but only its child processes.
Therefore bind_ns_files_from_child should probably call bind_ns_files not with 
the parent (unshare process) process id but its child process id.
To fix it, instead of ns/pid, ns/pid_for_children could be used. Though, 
ns/pid_for_children is empty before the first child has been created, so 
unshare.c needs some more work than just replacing ns/pid with 
ns/pid_for_children.

-- System Information:
Debian Release: 10.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL 
set to de_DE.utf8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set 
to de_DE.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages util-linux depends on:
ii  fdisk          2.33.1-0.1
ii  libaudit1      1:2.8.4-3
ii  libblkid1      2.33.1-0.1
ii  libc6          2.28-10
ii  libcap-ng0     0.7.9-2
ii  libmount1      2.33.1-0.1
ii  libpam0g       1.3.1-5
ii  libselinux1    2.8-1+b1
ii  libsmartcols1  2.33.1-0.1
ii  libsystemd0    241-7~deb10u1
ii  libtinfo6      6.1+20181013-2+deb10u1
ii  libudev1       241-7~deb10u1
ii  libuuid1       2.33.1-0.1
ii  login          1:4.5-1.1
ii  zlib1g         1:1.2.11.dfsg-1

util-linux recommends no packages.

Versions of packages util-linux suggests:
pn  dosfstools          <none>
ii  kbd                 2.0.4-4
pn  util-linux-locales  <none>

-- debconf information:
  util-linux/noauto-with-nonzero-passnum:
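
The kernel behaviour suspected in the report can be checked directly. The following C program is an added example, not part of the original report or of util-linux: in a throwaway process it calls unshare(CLONE_NEWPID), then compares /proc/self/ns/pid of the caller and of its first child with the caller's ns/pid_for_children. The function names are hypothetical, and the unprivileged fallback to CLONE_NEWUSER assumes the kernel permits user namespaces.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read a namespace link such as "pid:[4026531836]" into buf; 0 on success. */
static int ns_id(const char *path, char *buf, size_t len) {
    ssize_t n = readlink(path, buf, len - 1);
    if (n >= 0) buf[n] = '\0';
    return n < 0 ? -1 : 0;
}

/* Helper exit status: 0 = confirmed, 1 = not confirmed, 2 = cannot test here. */
static int helper(void) {
    char before[64], after[64], kid[64] = "", pfc[64];
    int p[2];
    if (ns_id("/proc/self/ns/pid", before, sizeof before) || pipe(p)) return 2;
    /* Assumption: without root, retry inside a user namespace if the kernel allows. */
    if (unshare(CLONE_NEWPID) && unshare(CLONE_NEWUSER | CLONE_NEWPID)) return 2;
    pid_t c = fork();
    if (c == 0) {                 /* first child: PID 1 of the new namespace */
        if (!ns_id("/proc/self/ns/pid", kid, sizeof kid)
            && write(p[1], kid, sizeof kid) > 0)
            pause();              /* stay alive until the helper has looked */
        _exit(0);
    }
    close(p[1]);
    int ok = c > 0 && read(p[0], kid, sizeof kid) == (ssize_t)sizeof kid
        && !ns_id("/proc/self/ns/pid", after, sizeof after)
        && !ns_id("/proc/self/ns/pid_for_children", pfc, sizeof pfc);
    if (c > 0) { kill(c, SIGKILL); waitpid(c, NULL, 0); }
    if (!ok) return 2;
    /* Caller unchanged; only the child and pid_for_children name the new namespace. */
    return (!strcmp(before, after) && strcmp(before, kid) && !strcmp(kid, pfc)) ? 0 : 1;
}

/* Runs the check in a throwaway process: 1 = confirmed, 0 = not, -1 = cannot test. */
int unshare_keeps_caller_pidns(void) {
    int st;
    pid_t h = fork();
    if (h == 0) _exit(helper());
    if (h < 0 || waitpid(h, &st, 0) < 0 || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) > 1 ? -1 : WEXITSTATUS(st) == 0;
}

int main(void) { printf("%d\n", unshare_keeps_caller_pidns()); return 0; }
```

A result of 1 means the process that called unshare() is still in its original PID namespace, so a bind mount of that process's ns/pid pins the old namespace rather than the new one.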
