Hi Serge, Thanks! the 'root' item in procfs did the work
On Fri, Sep 5, 2014 at 2:10 AM, Serge Hallyn <serge.hal...@ubuntu.com> wrote: > Quoting Aaron Lewis (the.warl0ck.1...@gmail.com): >> Hi, >> >> I have a program, say /usr/bin/nginx running in a container. >> Now on the host machine, when I check /proc/pid/exe it points to >> "/usr/bin/nginx" which is not the physical path >> >> Is there any way to get the correct path? > > Short answer, depends on how robust you want it to be. > > Even shorter answer, there is no "correct path". > > A few points, > > 1. you can look under /proc/pid/root/ to see the path > which is being talked about. > > 2. however that may have already been changed due to either > a 'rm /bin/ls; cp /bin/ls.new /bin/ls' or a unshare(CLONE_NEWNS) > by nginx. > > 3. I'm actually not sure whether, if you open /proc/self/exe, > if that will actually open the file that was executed regardless > of (2), or whether it will walk the path and open the new file. > > 4. The actual /proc/pid/root of the container is *not* > /var/lib/lxc/c1/rootfs, it's /usr/lib/x86_64-linux-gnu/lxc > onto which either /var/lib/lxc/c1/rootfs or some other rootfs > was mounted in a new namespace. So really you have no definately > valid path to the binary. > > 5. subject to (2), you can also setns(2) to the /proc/pid/ns/mnt > of the container task and then open the path, as an alternative > to using /proc/pid/root. > > Ideally what you'd have is a (device:inode_number) stored somewhere > under /proc/pid, but I don't see it. It's also not as valuable as > you'd think, since /proc/pid/exe may have already been attacked with > a buffer overflow, mmap()d /bin/shadow and jumped into that memory, > i.e. not be running /proc/pid/exe at all any more. > > -serge > _______________________________________________ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users -- Best Regards, Aaron Lewis - PGP: 0x13714D33 - http://pgp.mit.edu/ Finger Print: 9F67 391B B770 8FF6 99DC D92D 87F6 2602 1371 4D33 _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users