'ls -d /' not mediated with overlayfs, pivotroot and chroot
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | New | Undecided | Unassigned |
Bug Description
I'm not sure if this is a limitation of mediation or a bug, but performing an 'ls -d /' is allowed after creating an overlayfs on merged, pivot_rooting to merged and chrooting to /.
Reproducer:
$ tar -zxvf ./overlay-
overlay-
overlay-
overlay-
overlay-
overlay-
Created tmpdir '/tmp/tmp.
Ubuntu 4.10.0-
Disabling kernel rate-limiting
kernel.
Loading /tmp/tmp.
chdir(/
Creating the overlay directories
- mkdir /tmp/tmp.
- mkdir /tmp/tmp.
- mkdir /tmp/tmp.
- mkdir /tmp/tmp.
Populating /tmp/tmp.
- /tmp/tmp.
Populating /tmp/tmp.
- /tmp/tmp.
Perform the overlay
lower=/
upper=/
work=/tmp/
where=/
exe=/tmp/
- unshare(
- success
- mount('
- success
- mount('none', '/tmp/tmp.
- success
- mount('overlay', '/tmp/tmp.
- success
- chdir('
- success
- pivot_root('.', '.')
- success
- chdir('/')
- success
chroot('.')
- success
starting '/tmp/tmp.
ls -ld / (EXFAIL)
- ls -ld /
drwxr-xr-x 1 root root 4096 Jul 12 15:56 /
FAIL: could ls -ld /
- ls / (EXFAIL)
ls: cannot open directory '/': Permission denied
- ls -lR / (EXFAIL)
ls: cannot open directory '/': Permission denied
Cleaning up
- umount /tmp/tmp.
- rm -rf /tmp/tmp.GBIqWfpROZ
Tested on 4.4, 4.10 and 4.11. Not sure if this is a duplicate or related to bug #1703991.
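The mount sequence the test harness performs, followed by the two probes that `ls -ld /` and `ls /` make, as an added C example that is not the harness's own code: lower, upper, work and merged are passed as arguments and assumed to exist, the program needs CAP_SYS_ADMIN, and to reproduce the report it has to run confined by the profile under test (which this page does not show).

```c
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000  /* unshare(2) flag: new mount namespace */
#endif

/* Probe "/" the two ways the report's ls runs do: stat("/") is what 'ls -ld /'
 * needs, opendir("/") what 'ls /' needs. Bit 0 = stat allowed, bit 1 = opendir. */
int probe_root(void)
{
    struct stat st; int mask = 0;
    if (stat("/", &st) == 0) mask |= 1;
    DIR *d = opendir("/");
    if (d) { mask |= 2; closedir(d); }
    return mask;
}

/* Replay the reproducer: unshare a mount namespace (made private so nothing
 * propagates back), overlay lower/upper/work on merged, pivot_root('.', '.'),
 * chdir('/'), chroot('.'). Old root stays stacked, as in the report. 0 or -errno. */
int overlay_pivot_chroot(const char *lower, const char *upper,
                         const char *work, const char *merged)
{
    char opts[1024];
    snprintf(opts, sizeof opts, "lowerdir=%s,upperdir=%s,workdir=%s", lower, upper, work);
    if (syscall(SYS_unshare, CLONE_NEWNS) < 0) return -errno;
    if (mount("none", "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0) return -errno;
    if (mount("overlay", merged, "overlay", 0, opts) < 0) return -errno;
    if (chdir(merged) < 0) return -errno;
    if (syscall(SYS_pivot_root, ".", ".") < 0) return -errno;
    if (chdir("/") < 0) return -errno;
    if (chroot(".") < 0) return -errno;
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 5) { fprintf(stderr, "usage: %s lower upper work merged\n", argv[0]); return 2; }
    int rc = overlay_pivot_chroot(argv[1], argv[2], argv[3], argv[4]);
    if (rc) { fprintf(stderr, "setup failed: %s\n", strerror(-rc)); return 1; }
    int m = probe_root();
    printf("ls -ld / : %s\n", (m & 1) ? "allowed" : "denied");
    printf("ls /     : %s\n", (m & 2) ? "allowed" : "denied");
    return 0;
}
```

With the profile from the report loaded, the expected (EXFAIL) result is both lines reading "denied"; the bug is that the first one reads "allowed".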