[Devel] [PATCH v4 2/7] add user mismatch test

Glauber Costa glommer at openvz.org
Tue May 14 03:52:47 PDT 2013


From: Glauber Costa <glommer at parallels.com>

In theory, we won't be able to run if our private area is not owned by
ourselves.  We could, if it have very wide open security permissions, but we
should never set up a container like that.

Aside from a basic sanity check, this is intended to catch problems for the few
people who may have already created containers that will be owned by root:root,
and will now try to run it unprivileged.

Signed-off-by: Glauber Costa <glommer at parallels.com>
---
 src/lib/env.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/src/lib/env.c b/src/lib/env.c
index 898bfc8..96400c0 100644
--- a/src/lib/env.c
+++ b/src/lib/env.c
@@ -30,6 +30,7 @@
 #include <linux/reboot.h>
 #include <sys/mount.h>
 #include <sys/utsname.h>
+#include <sys/stat.h>
 
 #include "vzerror.h"
 #include "res.h"
@@ -554,6 +555,21 @@ int vps_start_custom(vps_handler *h, envid_t veid, vps_param *param,
 		logger(-1, 0, "Container is already running");
 		return VZ_VE_RUNNING;
 	}
+	if (!is_vz_kernel(h) && h->can_join_userns) {
+		struct stat private_stat;
+		unsigned long *local_uid = res->misc.local_uid;
+		unsigned long *local_gid = res->misc.local_gid;
+
+		stat(res->fs.private, &private_stat);
+		if ((local_uid && (private_stat.st_uid != *local_uid)) ||
+			(local_gid && (private_stat.st_gid != *local_gid))) {
+			logger(-1, 0, "Container private area is owned by %d:%d"
+			", but configuration file says we should run with %lu:%lu.\n"
+			"Refusing to run.", private_stat.st_uid, private_stat.st_gid,
+			*res->misc.local_uid, *res->misc.local_gid);
+			return VZ_FS_BAD_TMPL;
+		}
+	}
 	if ((ret = check_ub(h, &res->ub)))
 		return ret;
 
-- 
1.7.11.7




More information about the Devel mailing list