]> git.ipfire.org Git - thirdparty/lxc.git/commit
projects / thirdparty / lxc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b88cced) | patch
rexec: make rexecution opt-in for library callers 2846/head
authorChristian Brauner <christian.brauner@ubuntu.com>
Tue, 12 Feb 2019 16:31:14 +0000 (17:31 +0100)
committerChristian Brauner <christian.brauner@ubuntu.com>
Tue, 12 Feb 2019 16:58:34 +0000 (17:58 +0100)
commitd3a9befc86113228f77c89030336faa84a5557c0
tree9d165ca0a6e564ff17471c60b7e6f5b1c99a73batree
parentb88ccedc1e059e5115292b40e9a4bd1c2881d3e6commit | diff
rexec: make rexecution opt-in for library callers

We cannot rexecute the liblxc shared library unconditionally as this would
break most of our downstreams. Here are some scenarios:
- anyone performing a dlopen() on the shared library (e.g. users of the LXC
  Python bindings)
- LXD as it needs to know the absolute path to its own executable based on
  /proc/self/exe etc.

This commit makes the rexecution of liblxc conditional on whether the
LXC_MEMFD_REXEC environment variable is set or not. If it is then liblxc is
unconditionally rexecuted.

The only relevant attack vector exists for lxc-attach which we simply reexecute
unconditionally.

Reported-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
src/lxc/Makefile.am diff | blob | blame | history
src/lxc/rexec.c diff | blob | blame | history
src/lxc/rexec.h [new file with mode: 0644] blob
src/lxc/tools/lxc_attach.c diff | blob | blame | history
Mirror of https://github.com/lxc/lxc.git