Activity log for bug #2043521

Date Who What changed Old value New value Message
2023-11-14 22:29:07 Mitchell Dzurick bug added bug
2023-11-14 22:30:08 Mitchell Dzurick description

Old value:

repro:
$ lxc launch ubuntu-daily:noble n
$ lxc shell n
# apt install -y checksecurity
# checksecurity
...
find: ‘/dev/.lxd-mounts’: Permission denied
...

This comes from the extension check-setuid

```
root@n:~# checksecurity -debug
Checking plugin DISKFREE
Executing plugin diskfree (/usr/share/checksecurity/check-diskfree)
Checking plugin IPTABLES-LOGS
Plugin IPTABLES-LOGS Disabled Value was
Checking plugin PASSWD
Executing plugin passwd (/usr/share/checksecurity/check-passwd)
Checking plugin SETUID
Executing plugin setuid (/usr/share/checksecurity/check-setuid)
find: ‘/dev/.lxd-mounts’: Permission denied
Checking plugin SOCKETS
Executing plugin sockets (/usr/share/checksecurity/check-sockets)
```

Debugging further:
# sed '30s/^/set -x\n/' -i /usr/share/checksecurity/check-setuid
# checksecurity
...
+ ionice -t -c3 find / /dev /dev/lxd /dev/.lxd-mounts /snap /run/snapd/ns/lxd.mnt -ignore_readdir_race -xdev ( -false ) -prune -o ( -type f -perm /06000 -o ( ( -type b -o -type c ) -a -not ( -false ) ) ) -printf %8i %5m %3n %-10u %-10g %9s %t %h/%f\n
find: ‘/dev/.lxd-mounts’: Permission denied
...

New value:

in an LXC container, attempting to use checksecurity will result in the string being printed:

find: ‘/dev/.lxd-mounts’: Permission denied

repro:
$ lxc launch ubuntu-daily:noble n
$ lxc shell n
# apt install -y checksecurity
# checksecurity
...
find: ‘/dev/.lxd-mounts’: Permission denied
...

This comes from the extension check-setuid

```
root@n:~# checksecurity -debug
Checking plugin DISKFREE
Executing plugin diskfree (/usr/share/checksecurity/check-diskfree)
Checking plugin IPTABLES-LOGS
Plugin IPTABLES-LOGS Disabled Value was
Checking plugin PASSWD
Executing plugin passwd (/usr/share/checksecurity/check-passwd)
Checking plugin SETUID
Executing plugin setuid (/usr/share/checksecurity/check-setuid)
find: ‘/dev/.lxd-mounts’: Permission denied
Checking plugin SOCKETS
Executing plugin sockets (/usr/share/checksecurity/check-sockets)
```

Debugging further:
# sed '30s/^/set -x\n/' -i /usr/share/checksecurity/check-setuid
# checksecurity
...
+ ionice -t -c3 find / /dev /dev/lxd /dev/.lxd-mounts /snap /run/snapd/ns/lxd.mnt -ignore_readdir_race -xdev ( -false ) -prune -o ( -type f -perm /06000 -o ( ( -type b -o -type c ) -a -not ( -false ) ) ) -printf %8i %5m %3n %-10u %-10g %9s %t %h/%f\n
find: ‘/dev/.lxd-mounts’: Permission denied
...
2023-11-15 15:27:42 Mitchell Dzurick summary

Old value: checksecurity shows find: ‘/dev/.lxd-mounts’: Permission denied in lxc container

New value: checksecurity shows find: ‘/dev/.lxd-mounts’: Permission denied in lxd container
2023-11-15 15:27:48 Mitchell Dzurick description

Old value:

in an LXC container, attempting to use checksecurity will result in the string being printed:

find: ‘/dev/.lxd-mounts’: Permission denied

repro:
$ lxc launch ubuntu-daily:noble n
$ lxc shell n
# apt install -y checksecurity
# checksecurity
...
find: ‘/dev/.lxd-mounts’: Permission denied
...

This comes from the extension check-setuid

```
root@n:~# checksecurity -debug
Checking plugin DISKFREE
Executing plugin diskfree (/usr/share/checksecurity/check-diskfree)
Checking plugin IPTABLES-LOGS
Plugin IPTABLES-LOGS Disabled Value was
Checking plugin PASSWD
Executing plugin passwd (/usr/share/checksecurity/check-passwd)
Checking plugin SETUID
Executing plugin setuid (/usr/share/checksecurity/check-setuid)
find: ‘/dev/.lxd-mounts’: Permission denied
Checking plugin SOCKETS
Executing plugin sockets (/usr/share/checksecurity/check-sockets)
```

Debugging further:
# sed '30s/^/set -x\n/' -i /usr/share/checksecurity/check-setuid
# checksecurity
...
+ ionice -t -c3 find / /dev /dev/lxd /dev/.lxd-mounts /snap /run/snapd/ns/lxd.mnt -ignore_readdir_race -xdev ( -false ) -prune -o ( -type f -perm /06000 -o ( ( -type b -o -type c ) -a -not ( -false ) ) ) -printf %8i %5m %3n %-10u %-10g %9s %t %h/%f\n
find: ‘/dev/.lxd-mounts’: Permission denied
...

New value:

in an LXD container, attempting to use checksecurity will result in the string being printed:

find: ‘/dev/.lxd-mounts’: Permission denied

repro:
$ lxc launch ubuntu-daily:noble n
$ lxc shell n
# apt install -y checksecurity
# checksecurity
...
find: ‘/dev/.lxd-mounts’: Permission denied
...

This comes from the extension check-setuid

```
root@n:~# checksecurity -debug
Checking plugin DISKFREE
Executing plugin diskfree (/usr/share/checksecurity/check-diskfree)
Checking plugin IPTABLES-LOGS
Plugin IPTABLES-LOGS Disabled Value was
Checking plugin PASSWD
Executing plugin passwd (/usr/share/checksecurity/check-passwd)
Checking plugin SETUID
Executing plugin setuid (/usr/share/checksecurity/check-setuid)
find: ‘/dev/.lxd-mounts’: Permission denied
Checking plugin SOCKETS
Executing plugin sockets (/usr/share/checksecurity/check-sockets)
```

Debugging further:
# sed '30s/^/set -x\n/' -i /usr/share/checksecurity/check-setuid
# checksecurity
...
+ ionice -t -c3 find / /dev /dev/lxd /dev/.lxd-mounts /snap /run/snapd/ns/lxd.mnt -ignore_readdir_race -xdev ( -false ) -prune -o ( -type f -perm /06000 -o ( ( -type b -o -type c ) -a -not ( -false ) ) ) -printf %8i %5m %3n %-10u %-10g %9s %t %h/%f\n
find: ‘/dev/.lxd-mounts’: Permission denied
...