Skip to content

L
lxc
Commit f267d666 by Bogdan Purcareata Committed by Stéphane Graber
Options

mount_proc_if_needed: only safe mount when rootfs is defined

The safe_mount function was introduced in order to address CVE-2015-1335, one of the vulnerabilities being a mount with a symlink for the destination path. In scenarios such as lxc-execute with no rootfs, the destination path is the host /proc, which is previously mounted by the host, and is unmounted and mounted again in a new set of namespaces, therefore eliminating the need to check for it being a symlink. Mount the rootfs normally if the rootfs is NULL, keep the safe mount only for scenarios where a different rootfs is defined. Signed-off-by: 's avatarBogdan Purcareata <bogdan.purcareata@nxp.com> Acked-by: 's avatarSerge E. Hallyn <serge.hallyn@ubuntu.com>
parent 37cf83ea
Showing with 10 additions and 1 deletion
src/lxc/conf.c
......@@ -3509,6 +3509,7 @@ int ttys_shift_ids(struct lxc_conf *c)
return 0;
}
/* NOTE: not to be called from inside the container namespace! */
int tmp_proc_mount(struct lxc_conf *lxc_conf)
{
int mounted;
......
src/lxc/utils.c
......@@ -1704,6 +1704,8 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
*
* Returns < 0 on failure, 0 if the correct proc was already mounted
* and 1 if a new proc was mounted.
*
* NOTE: not to be called from inside the container namespace!
*/
int mount_proc_if_needed(const char *rootfs)
{
......@@ -1737,8 +1739,14 @@ int mount_proc_if_needed(const char *rootfs)
return 0;
domount:
if (safe_mount("proc", path, "proc", 0, NULL, rootfs) < 0)
if (!strcmp(rootfs,"")) /* rootfs is NULL */
ret = mount("proc", path, "proc", 0, NULL);
else
ret = safe_mount("proc", path, "proc", 0, NULL, rootfs);
if (ret < 0)
return -1;
INFO("Mounted /proc in container for security transition");
return 1;
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment