AppArmor

Bug #1703988
Comment #0

Comment 0 for bug 1703988

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2017-07-12:

I'm not sure if this is a limitation of mediation or a bug, but performing an 'ls -d /' is allowed after creating an overlayfs on merged, pivot_rooting to merged and chrooting to /.

Reproducer:
$ tar -zxvf ./overlay-with-pivotroot-ls-root.tar.gz && sudo ./overlay-with-pivotroot-ls-root/drv
overlay-with-pivotroot-ls-root/
overlay-with-pivotroot-ls-root/p.in
overlay-with-pivotroot-ls-root/overlay.c
overlay-with-pivotroot-ls-root/drv
overlay-with-pivotroot-ls-root/tst
Created tmpdir '/tmp/tmp.GBIqWfpROZ'

Ubuntu 4.10.0-26.30-generic 4.10.17

Disabling kernel rate-limiting
kernel.printk_ratelimit = 0

Loading /tmp/tmp.GBIqWfpROZ/data/p

chdir(/tmp/tmp.GBIqWfpROZ/data/mnt)

Creating the overlay directories
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/lower
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/upper
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/work
- mkdir /tmp/tmp.GBIqWfpROZ/data/mnt/merged

Populating /tmp/tmp.GBIqWfpROZ/data/mnt/lower
- /tmp/tmp.GBIqWfpROZ/data/mnt/lower/test-lower

Populating /tmp/tmp.GBIqWfpROZ/data/mnt/upper
- /tmp/tmp.GBIqWfpROZ/data/mnt/upper/test-upper

Perform the overlay
lower=/
upper=/tmp/tmp.GBIqWfpROZ/data/mnt/upper
work=/tmp/tmp.GBIqWfpROZ/data/mnt/work
where=/tmp/tmp.GBIqWfpROZ/data/mnt/merged
exe=/tmp/tmp.GBIqWfpROZ/data/tst
- unshare(CLONE_NEWNS)
- success
- mount('/tmp/tmp.GBIqWfpROZ/data/mnt/merged', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', NULL, MS_BIND, NULL
- success
- mount('none', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', NULL, MS_PRIVATE, NULL)
- success
- mount('overlay', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', 'overlay', MS_MGC_VAL, lowerdir=/,upperdir=/tmp/tmp.GBIqWfpROZ/data/mnt/upper,workdir=/tmp/tmp.GBIqWfpROZ/data/mnt/work
- success
- chdir('/tmp/tmp.GBIqWfpROZ/data/mnt/merged')
- success
- pivot_root('.', '.')
- success
- chdir('/')
- success
chroot('.')
- success
starting '/tmp/tmp.GBIqWfpROZ/data/tst'

ls -ld / (EXFAIL)
- ls -ld /
drwxr-xr-x 1 root root 4096 Jul 12 15:56 /
FAIL: could ls -ld /

- ls / (EXFAIL)
ls: cannot open directory '/': Permission denied

- ls -lR / (EXFAIL)
ls: cannot open directory '/': Permission denied

Cleaning up
- umount /tmp/tmp.GBIqWfpROZ/data/mnt/merged
- rm -rf /tmp/tmp.GBIqWfpROZ

I'm not sure if this is a limitation of mediation or a bug, but performing an 'ls -d /' is allowed after creating an overlayfs on merged, pivot_rooting to merged and chrooting to /.

Ubuntu 4.10.0-26.30-generic 4.10.17

Disabling kernel rate-limiting
kernel.printk_ratelimit = 0

Loading /tmp/tmp.GBIqWfpROZ/data/p

chdir(/tmp/tmp.GBIqWfpROZ/data/mnt)

Populating /tmp/tmp.GBIqWfpROZ/data/mnt/lower
- /tmp/tmp.GBIqWfpROZ/data/mnt/lower/test-lower

Populating /tmp/tmp.GBIqWfpROZ/data/mnt/upper
- /tmp/tmp.GBIqWfpROZ/data/mnt/upper/test-upper

Perform the overlay
lower=/
upper=/tmp/tmp.GBIqWfpROZ/data/mnt/upper
work=/tmp/tmp.GBIqWfpROZ/data/mnt/work
where=/tmp/tmp.GBIqWfpROZ/data/mnt/merged
exe=/tmp/tmp.GBIqWfpROZ/data/tst
- unshare(CLONE_NEWNS)
 - success
- mount('/tmp/tmp.GBIqWfpROZ/data/mnt/merged', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', NULL, MS_BIND, NULL
 - success
- mount('none', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', NULL, MS_PRIVATE, NULL)
 - success
- mount('overlay', '/tmp/tmp.GBIqWfpROZ/data/mnt/merged', 'overlay', MS_MGC_VAL, lowerdir=/,upperdir=/tmp/tmp.GBIqWfpROZ/data/mnt/upper,workdir=/tmp/tmp.GBIqWfpROZ/data/mnt/work
 - success
- chdir('/tmp/tmp.GBIqWfpROZ/data/mnt/merged')
 - success
- pivot_root('.', '.')
 - success
- chdir('/')
 - success
chroot('.')
 - success
starting '/tmp/tmp.GBIqWfpROZ/data/tst'

ls -ld / (EXFAIL)
- ls -ld /
drwxr-xr-x 1 root root 4096 Jul 12 15:56 /
FAIL: could ls -ld /

- ls / (EXFAIL)
ls: cannot open directory '/': Permission denied

- ls -lR / (EXFAIL)
ls: cannot open directory '/': Permission denied

Cleaning up
- umount /tmp/tmp.GBIqWfpROZ/data/mnt/merged
- rm -rf /tmp/tmp.GBIqWfpROZ