]> git.ipfire.org Git - thirdparty/lxc.git/commitdiff
projects / thirdparty / lxc.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 37cf83e)
mount_proc_if_needed: only safe mount when rootfs is defined
authorBogdan Purcareata <bogdan.purcareata@nxp.com>
Wed, 20 Jan 2016 10:53:57 +0000 (10:53 +0000)
committerStéphane Graber <stgraber@ubuntu.com>
Thu, 28 Jan 2016 11:01:18 +0000 (12:01 +0100)
The safe_mount function was introduced in order to address CVE-2015-1335,
one of the vulnerabilities being a mount with a symlink for the
destination path. In scenarios such as lxc-execute with no rootfs, the
destination path is the host /proc, which is previously mounted by the
host, and is unmounted and mounted again in a new set of namespaces,
therefore eliminating the need to check for it being a symlink.

Mount the rootfs normally if the rootfs is NULL, keep the safe mount
only for scenarios where a different rootfs is defined.

Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
src/lxc/conf.c patch | blob | blame | history
src/lxc/utils.c patch | blob | blame | history

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 632dde310a01531f161480f4b0cae5804c2a8db8..1e30c0ce8b094c0a0170ed45cbc0630dce2093ad 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -3509,6 +3509,7 @@ int ttys_shift_ids(struct lxc_conf *c)
        return 0;
 }
 
+/* NOTE: not to be called from inside the container namespace! */
 int tmp_proc_mount(struct lxc_conf *lxc_conf)
 {
        int mounted;
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 4e96a508204d0d58edc5d61d416626f35a89fc5f..0bc7a20450a6fe509f7831edaea3ae339a98111d 100644 (file)
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -1704,6 +1704,8 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
  *
  * Returns < 0 on failure, 0 if the correct proc was already mounted
  * and 1 if a new proc was mounted.
+ *
+ * NOTE: not to be called from inside the container namespace!
  */
 int mount_proc_if_needed(const char *rootfs)
 {
@@ -1737,8 +1739,14 @@ int mount_proc_if_needed(const char *rootfs)
        return 0;
 
 domount:
-       if (safe_mount("proc", path, "proc", 0, NULL, rootfs) < 0)
+       if (!strcmp(rootfs,"")) /* rootfs is NULL */
+               ret = mount("proc", path, "proc", 0, NULL);
+       else
+               ret = safe_mount("proc", path, "proc", 0, NULL, rootfs);
+
+       if (ret < 0)
                return -1;
+
        INFO("Mounted /proc in container for security transition");
        return 1;
 }
Mirror of https://github.com/lxc/lxc.git