'ls -d /' not mediated with overlayfs and chroot
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
AppArmor | New | Undecided | Unassigned |
Bug Description
I'm not sure if this is a limitation of mediation or a bug, but performing an 'ls -d /' is allowed after creating an overlayfs on merged and chrooting to merged.
Reproducer:
$ tar -zxvf ./overlay-
overlay-
overlay-
overlay-
overlay-
overlay-
Created tmpdir '/tmp/tmp.
Ubuntu 4.4.0-83.
Disabling kernel rate-limiting
kernel.
Loading /tmp/tmp.
chdir(/
Creating the overlay directories
- mkdir /tmp/tmp.
- mkdir /tmp/tmp.
- mkdir /tmp/tmp.
- mkdir /tmp/tmp.
Populating /tmp/tmp.
- /tmp/tmp.
Populating /tmp/tmp.
- /tmp/tmp.
Perform the overlay
lower=/
upper=/
work=/tmp/
where=/
exe=/tmp/
- mount('overlay', '/tmp/tmp.
- success
- chdir('
- success
- chroot('.')
- success
starting '/tmp/tmp.
ls -ld / (EXFAIL)
- ls -ld /
drwxr-xr-x 1 root root 4096 Jul 12 16:05 /
FAIL: could ls -ld /
- ls / (EXFAIL)
ls: cannot open directory '/': Permission denied
- ls -lR / (EXFAIL)
ls: cannot open directory '/': Permission denied
Cleaning up
- umount /tmp/tmp.
- rm -rf /tmp/tmp.ilA8cS947i
Tested on 4.4, 4.10 and 4.11. Not sure if this is a duplicate or related to bug #1703988.
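The reproducer above only shows the ls invocations, so it is hard to tell which operation on "/" is actually being permitted. `ls -ld /` never opens the directory: it reduces to a stat(2) on the path. `ls /` and `ls -lR /` additionally opendir()/getdents() it, which is the access the "Permission denied" comes from. The program below is an added example (it is not the reporter's test tool and not part of AppArmor's test suite): it rebuilds the overlayfs-on-merged-then-chroot setup with the same raw syscalls the log shows (mount, chdir, chroot('.')), then probes "/" with those two operations separately and reports the errno of whichever is refused. Names such as `overlay_opts`, `probe_dir` and the `PROBE_*` bits are this example's own. The full run needs root and overlayfs support; the confining profile used by the reproducer is not on the page, so to see the denial you have to run the binary under your own profile (e.g. via `aa-exec`); unconfined, both probes succeed. The helpers can be called without root.

```c
/* Added example, not the bug report's own code. Reproduces the
 * overlayfs + chroot setup with raw syscalls and separates the two
 * operations 'ls' performs on "/" (stat vs opendir/readdir). */
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bits returned by probe_dir(): which operation on the path was permitted. */
#define PROBE_STAT    1   /* stat(2): the metadata lookup behind 'ls -ld /' */
#define PROBE_OPENDIR 2   /* opendir()+readdir(): the read behind 'ls /'    */

/* Build the option string mount(2) expects for an overlay filesystem.
 * Returns 0, or -1 if buf is too small. */
int overlay_opts(const char *lower, const char *upper, const char *work,
                 char *buf, size_t size)
{
    int n = snprintf(buf, size, "lowerdir=%s,upperdir=%s,workdir=%s",
                     lower, upper, work);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

/* Try stat() and then opendir()+readdir() on path. *err_stat / *err_open
 * receive the errno of a refused operation (0 when it was allowed). Returns
 * the PROBE_* bitmask of operations that succeeded. */
int probe_dir(const char *path, int *err_stat, int *err_open)
{
    int ok = 0, stat_err, open_err;
    struct stat st;
    DIR *d;

    errno = 0;
    if (stat(path, &st) == 0) ok |= PROBE_STAT;
    stat_err = errno;

    errno = 0;
    d = opendir(path);
    open_err = errno;
    if (d) {
        /* open may succeed while the directory read itself is refused */
        errno = 0;
        struct dirent *de = readdir(d);
        open_err = errno;
        if (de || open_err == 0) ok |= PROBE_OPENDIR;  /* empty dir is fine */
        closedir(d);
    }
    if (err_stat) *err_stat = (ok & PROBE_STAT) ? 0 : stat_err;
    if (err_open) *err_open = (ok & PROBE_OPENDIR) ? 0 : open_err;
    return ok;
}

static int mk(const char *base, const char *name, char *out, size_t size)
{
    snprintf(out, size, "%s/%s", base, name);
    return mkdir(out, 0755);
}

/* Needs root and overlayfs. Stand-alone entry point; the probe runs in a
 * forked child so the parent can still umount and clean up afterwards. */
int main(void)
{
    char base[] = "/tmp/overlay-probe.XXXXXX";   /* hypothetical tmpdir */
    char lower[64], upper[64], work[64], work2[80], merged[64], opts[256];
    int es, eo, r;

    if (!mkdtemp(base)) { perror("mkdtemp"); return 1; }
    if (mk(base, "lower", lower, sizeof lower) || mk(base, "upper", upper, sizeof upper) ||
        mk(base, "work", work, sizeof work) || mk(base, "merged", merged, sizeof merged)) {
        perror("mkdir"); return 1;
    }
    if (overlay_opts(lower, upper, work, opts, sizeof opts) != 0) return 1;
    if (mount("overlay", merged, "overlay", 0, opts) != 0) { perror("mount"); return 1; }

    pid_t pid = fork();
    if (pid == 0) {
        if (chdir(merged) != 0 || chroot(".") != 0) { perror("chroot"); _exit(1); }
        r = probe_dir("/", &es, &eo);
        printf("stat(\"/\")    : %s\n", (r & PROBE_STAT) ? "allowed" : strerror(es));
        printf("opendir(\"/\") : %s\n", (r & PROBE_OPENDIR) ? "allowed" : strerror(eo));
        _exit(0);
    }
    waitpid(pid, NULL, 0);
    umount(merged);
    snprintf(work2, sizeof work2, "%s/work", work);   /* created by overlayfs */
    rmdir(work2); rmdir(work); rmdir(upper); rmdir(lower); rmdir(merged); rmdir(base);
    return 0;
}
```

If the confined run prints `stat("/") : allowed` and `opendir("/") : Permission denied`, what is slipping through is only the metadata lookup on the chrooted overlay root, which is the fact to check against the profile's rules before classifying the report as a mediation gap or as an overlayfs/chroot path-resolution problem.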