[Devel] [PATCH 5/6] add user mismatch test
Glauber Costa
glommer at parallels.com
Mon Mar 11 04:01:26 PDT 2013
In theory, we won't be able to run if our private area is not owned by
ourselves. We could, if it had very wide open security permissions, but we
should never set up a container like that.
Aside from a basic sanity check, this is intended to catch problems for the few
people who may have already created containers that will be owned by root:root,
and will now try to run it unprivileged.
Signed-off-by: Glauber Costa <glommer at parallels.com>
---
src/lib/env.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
diff --git a/src/lib/env.c b/src/lib/env.c
index 75e2dee..bca9c31 100644
--- a/src/lib/env.c
+++ b/src/lib/env.c
@@ -30,6 +30,7 @@
#include <linux/reboot.h>
#include <sys/mount.h>
#include <sys/utsname.h>
+#include <sys/stat.h>
#include "vzerror.h"
#include "res.h"
@@ -567,6 +568,18 @@ int vps_start_custom(vps_handler *h, envid_t veid, vps_param *param,
logger(-1, 0, "Container is already running");
return VZ_VE_RUNNING;
}
+ if (!is_vz_kernel(h) && h->can_join_userns) {
+ struct stat private_stat;
+ stat(res->fs.private, &private_stat);
+ if ((private_stat.st_uid != res->misc.local_uid) ||
+ (private_stat.st_gid != res->misc.local_gid)) {
+ logger(-1, 0, "Container private area is owned by %d:%d"
+ ", but configuration file says we should run with %lu:%lu.\n"
+ "Refusing to run.", private_stat.st_uid, private_stat.st_gid,
+ res->misc.local_uid, res->misc.local_gid);
+ return VZ_FS_BAD_TMPL;
+ }
+ }
if ((ret = check_ub(h, &res->ub)))
return ret;
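Review bot: the return value of stat() is ignored in the new block, so if res->fs.private does not exist or cannot be accessed, private_stat is left uninitialized and the uid/gid comparison reads indeterminate values, which can either refuse to start with a misleading "owned by %d:%d" message or pass the check by accident. Suggest checking it explicitly, e.g. `if (stat(res->fs.private, &private_stat) < 0) { logger(-1, 0, "Unable to stat private area %s", res->fs.private); return VZ_FS_BAD_TMPL; }` (or whichever error code callers expect for a missing private area). Also, st_uid/st_gid are uid_t/gid_t, which are unsigned on Linux, so printing them with %d while local_uid/local_gid use %lu is inconsistent; casting all four to the same type (for example `(unsigned long)`) keeps the format string correct and avoids negative output for large ids.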
--
1.7.11.7