checksecurity shows find: ‘/dev/.lxd-mounts’: Permission denied in lxd container
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
checksecurity (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
In an LXD container, attempting to use checksecurity will result in the string being printed:
```
find: ‘/dev/.lxd-mounts’: Permission denied
```
Repro:
```
$ lxc launch ubuntu-daily:noble n
$ lxc shell n
# apt install -y checksecurity
# checksecurity
...
find: ‘/dev/.lxd-mounts’: Permission denied
...
```
This comes from the extension check-setuid:
```
root@n:~# checksecurity -debug
Checking plugin DISKFREE
Executing plugin diskfree (/usr/share/
Checking plugin IPTABLES-LOGS
Plugin IPTABLES-LOGS Disabled
Value was
Checking plugin PASSWD
Executing plugin passwd (/usr/share/
Checking plugin SETUID
Executing plugin setuid (/usr/share/
find: ‘/dev/.lxd-mounts’: Permission denied
Checking plugin SOCKETS
Executing plugin sockets (/usr/share/
```
Debugging further:
```
# sed '30s/^/set -x\n/' -i /usr/share/
# checksecurity
...
+ ionice -t -c3 find / /dev /dev/lxd /dev/.lxd-mounts /snap /run/snapd/
find: ‘/dev/.lxd-mounts’: Permission denied
...
```
I don't have time to fix this, just reporting an issue I noticed during the noble merge.