The following pull request was submitted through GitHub. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2111

This e-mail was sent by the LXC bot; direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Hey guys, I'm doing something slightly weird, running lxc inside of lxc-usernsexec. I uncovered some bugs. Take a look.
From 9650c735c7dd56bb5200b20f85e5b6b0482edb7b Mon Sep 17 00:00:00 2001 From: Tycho Andersen <ty...@tycho.ws> Date: Fri, 26 Jan 2018 17:43:12 +0000 Subject: [PATCH 1/2] better check for lock dir Consider the case where we're running in a user namespace but in the host's mount ns with the host's filesystem (something like lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we can't actually write to /run. Let's improve this locking check to make sure we can actually write to /run before we decide to actually use it as our locking dir. Signed-off-by: Tycho Andersen <ty...@tycho.ws> --- src/lxc/utils.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/lxc/utils.c b/src/lxc/utils.c index 0b8841630..c7812fdac 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c @@ -245,8 +245,13 @@ char *get_rundir() { char *rundir; const char *homedir; + struct stat sb; + + if (stat(RUNTIME_PATH, &sb) < 0) { + return NULL; + } - if (geteuid() == 0) { + if (geteuid() == sb.st_uid || getegid() == sb.st_gid) { rundir = strdup(RUNTIME_PATH); return rundir; } From 4fbe33a47b7f280e79b2022326172c1cd5f4385c Mon Sep 17 00:00:00 2001 From: Tycho Andersen <ty...@tycho.ws> Date: Fri, 26 Jan 2018 21:21:51 +0000 Subject: [PATCH 2/2] better unprivileged detection In particular, if we are already in a user namespace we are unprivileged, and doing things like moving the physical nics back to the host netns won't work. Let's do the same thing LXD does if euid == 0: inspect /proc/self/uid_map and see what that says. Signed-off-by: Tycho Andersen <ty...@tycho.ws> --- src/lxc/utils.h | 30 ++++++++++++++++++++++++++++-- 1 file changed, 28 insertions(+), 2 deletions(-) diff --git a/src/lxc/utils.h b/src/lxc/utils.h index f8cf26fbf..eb85871f1 100644 --- a/src/lxc/utils.h +++ b/src/lxc/utils.h 
@@ -427,8 +427,34 @@ extern int lxc_strmunmap(void *addr, size_t length); /* initialize rand with urandom */ extern int randseed(bool); -inline static bool am_unpriv(void) { - return geteuid() != 0; +inline static bool am_unpriv(void) +{ + FILE *f; + uid_t user, host, count; + int ret; + + if (geteuid() != 0) + return true; + + /* Now: are we in a user namespace? Because then we're also + * unprivileged. + */ + f = fopen("/proc/self/uid_map", "r"); + if (!f) { + //SYSERROR("couldn't open uid_map"); + return false; + } + + ret = fscanf(f, "%u %u %u", &user, &host, &count); + fclose(f); + if (ret != 3) { + //ERROR("Wrong number of entries (%d) in uid_map?", ret); + return false; + } + + if (user != 0 || host != 0 || count != UINT32_MAX) + return true; + return false; } /*
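Review bot: In get_rundir() (patch 1/2, src/lxc/utils.c), the new condition `geteuid() == sb.st_uid || getegid() == sb.st_gid` compares ownership and never looks at the permission bits, so it does not establish what the commit message asks for, namely that we can actually write to RUNTIME_PATH. A group match on a directory without the group write bit still selects RUNTIME_PATH, and a caller that could write through other mode bits is turned away. Testing writability with the effective ids, for example `faccessat(AT_FDCWD, RUNTIME_PATH, W_OK, AT_EACCESS) == 0`, would match the stated intent. Separately, the early `return NULL` on stat() failure runs before the non-root path that uses `homedir`, so a missing RUNTIME_PATH now fails for callers that never used it before the patch; falling through on stat() failure would keep their behaviour unchanged.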
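Review bot: In am_unpriv() (patch 2/2, src/lxc/utils.h), both error paths return false with their SYSERROR/ERROR calls commented out, so with euid 0 a uid_map that cannot be opened or parsed is silently reported as privileged. Since this is an `inline static` function in a header, consider moving the body to utils.c and leaving only a declaration here, so the failures can be logged instead of commented out and the fopen()/fscanf() is not inlined into every caller. Also, `user`, `host` and `count` are declared `uid_t` but read with `%u` and compared against UINT32_MAX; declaring them `unsigned int` (or uint32_t with the matching conversion) makes the types agree with the format string. Only the first line of uid_map is read, which deserves a short comment saying that this is intentional.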