2017-07-12 21:08:06 |
Jamie Strandboge |
description |
I'm not sure if this is a limitation of mediation or a bug, but performing an 'ls -d /' is allowed after creating an overlayfs on merged, pivot_rooting to merged and chrooting to /.
Reproducer:
$ tar -zxvf ./overlay-with-pivotroot-ls-root.tar.gz && sudo ./overlay-with-pivotroot-ls-root/drv
overlay-with-pivotroot-ls-root/
overlay-with-pivotroot-ls-root/p.in
overlay-with-pivotroot-ls-root/overlay.c
overlay-with-pivotroot-ls-root/drv
overlay-with-pivotroot-ls-root/tst
Created tmpdir '/tmp/tmp.GBIqWfpROZ'
Ubuntu 4.10.0-26.30-generic 4.10.17
Disabling kernel rate-limiting
kernel.printk_ratelimit = 0
Loading /tmp/tmp.GBIqWfpROZ/data/p
chdir(/tmp/tmp.GBIqWfpROZ/data/mnt)
Creating the overlay directories
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/lower
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/upper
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/work
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/merged
Populating /tmp/tmp.GBIqWfpROZ/data/mnt/lower
- /tmp/tmp.GBIqWfpROZ/data/mnt/lower/test-lower
Populating /tmp/tmp.GBIqWfpROZ/data/mnt/upper
- /tmp/tmp.GBIqWfpROZ/data/mnt/upper/test-upper
Perform the overlay
lower=/
upper=/tmp/tmp.GBIqWfpROZ/data/mnt/upper
work=/tmp/tmp.GBIqWfpROZ/data/mnt/work
where=/tmp/tmp.GBIqWfpROZ/data/mnt/merged
exe=/tmp/tmp.GBIqWfpROZ/data/tst
- unshare(CLONE_NEWNS)
- success
- mount('/tmp/tmp.GBIqWfpROZ/data/mnt/merged', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', NULL, MS_BIND, NULL
- success
- mount('none', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', NULL, MS_PRIVATE, NULL)
- success
- mount('overlay', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', 'overlay', MS_MGC_VAL, lowerdir=/,upperdir=/tmp/tmp.GBIqWfpROZ/data/mnt/upper,workdir=/tmp/tmp.GBIqWfpROZ/data/mnt/work
- success
- chdir('/tmp/tmp.GBIqWfpROZ/data/mnt/merged')
- success
- pivot_root('.', '.')
- success
- chdir('/')
- success
chroot('.')
- success
starting '/tmp/tmp.GBIqWfpROZ/data/tst'
ls -ld / (EXFAIL)
- ls -ld /
drwxr-xr-x 1 root root 4096 Jul 12 15:56 /
FAIL: could ls -ld /
- ls / (EXFAIL)
ls: cannot open directory '/': Permission denied
- ls -lR / (EXFAIL)
ls: cannot open directory '/': Permission denied
Cleaning up
- umount /tmp/tmp.GBIqWfpROZ/data/mnt/merged
- rm -rf /tmp/tmp.GBIqWfpROZ |
I'm not sure if this is a limitation of mediation or a bug, but performing an 'ls -d /' is allowed after creating an overlayfs on merged, pivot_rooting to merged and chrooting to /.
Reproducer:
$ tar -zxvf ./overlay-with-pivotroot-ls-root.tar.gz && sudo ./overlay-with-pivotroot-ls-root/drv
overlay-with-pivotroot-ls-root/
overlay-with-pivotroot-ls-root/p.in
overlay-with-pivotroot-ls-root/overlay.c
overlay-with-pivotroot-ls-root/drv
overlay-with-pivotroot-ls-root/tst
Created tmpdir '/tmp/tmp.GBIqWfpROZ'
Ubuntu 4.10.0-26.30-generic 4.10.17
Disabling kernel rate-limiting
kernel.printk_ratelimit = 0
Loading /tmp/tmp.GBIqWfpROZ/data/p
chdir(/tmp/tmp.GBIqWfpROZ/data/mnt)
Creating the overlay directories
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/lower
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/upper
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/work
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/merged
Populating /tmp/tmp.GBIqWfpROZ/data/mnt/lower
- /tmp/tmp.GBIqWfpROZ/data/mnt/lower/test-lower
Populating /tmp/tmp.GBIqWfpROZ/data/mnt/upper
- /tmp/tmp.GBIqWfpROZ/data/mnt/upper/test-upper
Perform the overlay
lower=/
upper=/tmp/tmp.GBIqWfpROZ/data/mnt/upper
work=/tmp/tmp.GBIqWfpROZ/data/mnt/work
where=/tmp/tmp.GBIqWfpROZ/data/mnt/merged
exe=/tmp/tmp.GBIqWfpROZ/data/tst
- unshare(CLONE_NEWNS)
- success
- mount('/tmp/tmp.GBIqWfpROZ/data/mnt/merged', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', NULL, MS_BIND, NULL
- success
- mount('none', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', NULL, MS_PRIVATE, NULL)
- success
- mount('overlay', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', 'overlay', MS_MGC_VAL, lowerdir=/,upperdir=/tmp/tmp.GBIqWfpROZ/data/mnt/upper,workdir=/tmp/tmp.GBIqWfpROZ/data/mnt/work
- success
- chdir('/tmp/tmp.GBIqWfpROZ/data/mnt/merged')
- success
- pivot_root('.', '.')
- success
- chdir('/')
- success
chroot('.')
- success
starting '/tmp/tmp.GBIqWfpROZ/data/tst'
ls -ld / (EXFAIL)
- ls -ld /
drwxr-xr-x 1 root root 4096 Jul 12 15:56 /
FAIL: could ls -ld /
- ls / (EXFAIL)
ls: cannot open directory '/': Permission denied
- ls -lR / (EXFAIL)
ls: cannot open directory '/': Permission denied
Cleaning up
- umount /tmp/tmp.GBIqWfpROZ/data/mnt/merged
- rm -rf /tmp/tmp.GBIqWfpROZ
Tested on 4.4, 4.10 and 4.11. Not sure if this is a duplicate or related to bug #1703991. |
|