Package: debianutils
Version: 4.2.1
Severity: normal
File: /usr/bin/ischroot
Tags: patch

ischroot in its current form does not detect being run inside vserver and returns 2 in this case. As ischroot is used for things like checking if init should be signalled, it should consider running in vserver as chroot.

Attached patch implements this in quite a simple way - if there is /proc/1/root and we can not read where it points as root, it returns 0.

-- 
Michal Čihař | http://cihar.com | http://blog.cihar.com

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.9-1.4-desktop (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=cs_CZ.UTF-8, LC_CTYPE=cs_CZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages debianutils depends on:
ii  libc6           2.13-27
ii  sensible-utils  0.0.6

debianutils recommends no packages.

debianutils suggests no packages.

-- no debconf information

>From 39f55a8782ae3ff6d515285205561d32311e4446 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <ni...@debian.org> Date: Fri, 23 Mar 2012 11:21:21 +0100 Subject: [PATCH] Properly handle situation inside vserver vserver is sort of chroot, just with stricter enforcement, so let's make ischoot detect it. --- ischroot.c | 21 +++++++++++++++++---- 1 files changed, 17 insertions(+), 4 deletions(-) diff --git a/ischroot.c b/ischroot.c index 9af6ea2..bed67f9 100644 --- a/ischroot.c +++ b/ischroot.c @@ -51,19 +51,32 @@ int isfakechroot() #if defined (__linux__) -/* On Linux we can detect chroots by checking if the - * devicenumber/inode pair of / are the same as that of +/* On Linux we can detect chroots by checking if the + * devicenumber/inode pair of / are the same as that of * /sbin/init's. This may fail if not running as root or if * /proc is not mounted, in which case 2 is returned. + * + * If /proc/1/root exists but can not be stated as root, + * we're running in some limited environment (eg. vserver), + * which we consider as chroot here. */ static int ischroot() { struct stat st1, st2; - if (stat("/", &st1) || stat("/proc/1/root", &st2)) + if (stat("/", &st1)) return 2; - else if ((st1.st_dev == st2.st_dev) && (st1.st_ino == st2.st_ino)) + if (stat("/proc/1/root", &st2)) { + /* Does /proc/1/root exist at all? */ + if (lstat("/proc/1/root" , &st2)) + return 2; + /* Are we root? */ + if (geteuid() != 0) + return 2; + /* Root can not read /proc/1/root, assume vserver or similar */ + return 0; + } else if ((st1.st_dev == st2.st_dev) && (st1.st_ino == st2.st_ino)) return 1; else return 0; -- 1.7.9.1
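
Review bot: In the new `if (stat("/proc/1/root", &st2)) {` branch the reason for the failure is never examined, so any stat() error that still lets lstat() succeed while geteuid() is 0 is reported as 0 (chroot), not only a permission denial. Save errno immediately after the failed stat(), before lstat() can overwrite it, and return 0 only when it is EACCES, returning 2 for everything else; callers use this result to decide things like whether init should be signalled, so a transient error should stay in the "cannot tell" case. The branch also introduces geteuid() and lstat(), and the visible context does not show the includes, so confirm that ischroot.c pulls in <unistd.h>. The first two changed comment lines appear to differ only in whitespace and would be easier to review as a separate commit.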