[CRIU] [PATCH 3/3] mount: open a root directory for mount namesapces via the root task
Pavel Emelyanov
xemul at virtuozzo.com
Wed Aug 3 02:59:21 PDT 2016
On 08/02/2016 09:04 PM, Andrew Vagin wrote:
> On Tue, Aug 02, 2016 at 03:08:17PM +0300, Pavel Emelyanov wrote:
>> On 07/27/2016 09:21 PM, Andrey Vagin wrote:
>>> From: Andrew Vagin <avagin at virtuozzo.com>
>>>
>>> We use openat() syscall to open files in various mount namespaces.
>>> Recently we found that if a path contains absolute symlinks, openat()
>>> syscall resolves them relative to the current root, but they has to be
>>> resolved relative to the root of the target namespace, so we need to
>>> change root before restoring a file descriprot.
>>
>> OK, what's the exact problem we're having now? Which openat() is called
>> on a path with symlink?
>
> When we restore a file, we use openat() to open it:
>
> fd = openat(ns_root_fd, rfi->path, flags);
>
> but rfi->path can containe absolute symlinks
How can this happen? The rfi->path is the path we read from /proc/pid/fd/n
which, in turn, is generated by kernel d_path() routine which, in turn :),
walks the dentry tree upwards, so all symlinks in between are impossible!
> and in this case, openat()
> will be not enogh and we need to make chroot to resolve symlinks
> correctly.
>
> fchroot(ns_root_fd)
> open(rfi->path, flags);
More information about the CRIU
mailing list