[Devel] [PATCH v2 5/8] add user mismatch test
Kir Kolyshkin
kir at openvz.org
Mon Apr 15 18:24:32 PDT 2013
On 03/22/2013 03:48 AM, Glauber Costa wrote:
> In theory, we won't be able to run if our private area is not owned by
> ourselves. We could, if it has very wide open security permissions, but we
> should never set up a container like that.
>
> Aside from a basic sanity check, this is intended to catch problems for the few
> people who may have already created containers that will be owned by root:root,
> and will now try to run it unprivileged.
>
> Signed-off-by: Glauber Costa <glommer at parallels.com>
> ---
> src/lib/env.c | 13 +++++++++++++
> 1 file changed, 13 insertions(+)
>
> diff --git a/src/lib/env.c b/src/lib/env.c
> index 2da848d..ff4dad2 100644
> --- a/src/lib/env.c
> +++ b/src/lib/env.c
> @@ -30,6 +30,7 @@
> #include <linux/reboot.h>
> #include <sys/mount.h>
> #include <sys/utsname.h>
> +#include <sys/stat.h>
>
> #include "vzerror.h"
> #include "res.h"
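Review bot: stat(2) on Linux is documented as requiring `<sys/types.h>` and `<unistd.h>` in addition to `<sys/stat.h>`; unless env.c already includes those elsewhere, add them next to the new `#include <sys/stat.h>` rather than relying on transitive includes from the other headers in this block.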
> @@ -551,6 +552,18 @@ int vps_start_custom(vps_handler *h, envid_t veid, vps_param *param,
> logger(-1, 0, "Container is already running");
> return VZ_VE_RUNNING;
> }
> + if (!is_vz_kernel(h) && h->can_join_userns) {
> + struct stat private_stat;
> + stat(res->fs.private, &private_stat);
> + if ((private_stat.st_uid != *res->misc.local_uid) ||
> + (private_stat.st_gid != *res->misc.local_gid)) {
> + logger(-1, 0, "Container private area is owned by %d:%d"
> + ", but configuration file says we should run with %lu:%lu.\n"
> + "Refusing to run.", private_stat.st_uid, private_stat.st_gid,
> + *res->misc.local_uid, *res->misc.local_gid);
> + return VZ_FS_BAD_TMPL;
> + }
> + }
> if ((ret = check_ub(h, &res->ub)))
> return ret;
>
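Review bot: the return value of `stat(res->fs.private, &private_stat)` is never checked, so if the private area is missing or not accessible to the unprivileged user, `private_stat` stays uninitialized and the uid/gid comparison runs on garbage, most likely producing a misleading "owned by X:Y" message instead of the real cause; test for `stat(...) != 0`, log `strerror(errno)` with the path, and return before the comparison. Two further points on the same block: `*res->misc.local_uid` and `*res->misc.local_gid` are dereferenced unconditionally although the check only makes sense when the configuration actually supplies them (as Kir notes in his reply), so guard on both pointers being non-NULL first; and the format string prints `st_uid`/`st_gid` with `%d` but the config values with `%lu`, while `uid_t`/`gid_t` have no fixed signedness or width, so cast all four to `unsigned long` and use `%lu` throughout. Lastly, `VZ_FS_BAD_TMPL` reads as a template error; if vzerror.h has a more specific ownership or permission code, returning that would make the failure easier to distinguish in scripts.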
looks good (just add checks for local_* being non-NULL)