From 4b826b1fdc516c71c7222ef68a45c4f6ad964df1 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Fri, 22 Dec 2017 17:11:45 +0100
Subject: [PATCH] start: make us dumpable
When set set{u,g}id() the kernel will make us undumpable. This is unnecessary since we can guarantee that whatever is running inside the child process at this point this is fully trusted by the parent. Making us dumpable let's users use debuggers on the child process before the exec as well and also allows us to open /proc/ files in lieu of the child. Note, that we only need to perform the prctl(PR_SET_DUMPABLE, ...) if our effective uid on the host is not 0. If our effective uid on the host is 0 then we will keep all capabilities in the child user namespace across set{g,u}id().
Signed-off-by: Christian Brauner
---
src/lxc/start.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 83991cf53..6ac7784e6 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -930,14 +930,22 @@ static int do_start(void *data)
 * privilege over our namespace.
 */
 if (!lxc_list_empty(&handler->conf->id_map)) {
- if (lxc_switch_uid_gid(0, 0) < 0)
+ ret = lxc_switch_uid_gid(0, 0);
+ if (ret < 0)
 goto out_warn_father;

 /* Drop groups only after we switched to a valid gid in the new
 * user namespace.
 */
- if (lxc_setgroups(0, NULL) < 0)
+ ret = lxc_setgroups(0, NULL);
+ if (ret < 0)
 goto out_warn_father;
+
+ if (!handler->am_root) {
+ ret = prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
+ if (ret < 0)
+ goto out_warn_father;
+ }
 }

 if (access(handler->lxcpath, X_OK)) {
--
2.47.2
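Review bot: The new `prctl(PR_SET_DUMPABLE, 1, 0, 0, 0)` call carries no comment saying why the flag has to be restored or why it is skipped when `handler->am_root` is set; the rationale lives only in the commit message, and the next reader of do_start will wonder whether the call can be dropped. I would add above the `if (!handler->am_root)` line: `/* set{u,g}id() cleared our dumpable flag; restore it so the child can be traced before exec and its /proc/<pid>/ files are openable by our (non-root) parent. */`. It is worth stating there as well that dumpable=1 makes the pre-exec child ptrace-able and its /proc/<pid>/ contents (environ, mem, fd) readable by any same-uid process on the host, subject to Yama ptrace_scope, which is the accepted trade-off here since the parent already runs as that uid. Note that `ret` is assumed to be declared earlier in do_start and that start.c presumably already includes <sys/prctl.h>, since the diffstat shows no include change. do_start starts before and continues past this hunk.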