os-prober expects to run in a new private mount namespace, but new namespace is not private

Bug #2018271 reported by Olivier Gayot
Affects              Status        Importance  Assigned to   Milestone
os-prober (Debian)   New           Unknown     -             -
os-prober (Ubuntu)   Fix Released  Undecided   Dan Bungert   -

Bug Description

During execution of os-prober, other processes on the system can see the
temporary mounts to /var/lib/os-prober/mount even though os-prober runs
in a separate mount namespace.

In order to run os-prober in a more isolated mode, we introduced the
newns.c source file a while ago. We build it to a binary and ship it in
os-prober and os-prober-udeb.

The original idea was to run os-prober in a private mount namespace.
Sadly, the unshare(CLONE_NEWNS) system call is only enough to create a
new mount namespace; it is not enough to make the new namespace
private.

While we can patch newns.c to make the new mount namespace private,
relying on unshare(1) from util-linux (which is an essential package)
seems like a more viable option.
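The description above explains the defect but not the missing step. The program below is an added example, not os-prober's newns.c and not code from the bug thread: it first parses /proc/self/mountinfo to report whether the root mount belongs to a shared peer group (the condition under which mounts made inside a freshly unshared namespace still show up outside it), then performs the two calls that newns.c should have made, unshare(CLONE_NEWNS) followed by a recursive MS_PRIVATE remount of "/", which is what unshare --mount does by default. Function names, the 4096-byte line buffer and the in-memory mountinfo helper are assumptions of this example; the mountinfo sample used for the offline check is constructed. Running main() to completion needs CAP_SYS_ADMIN; without it the program reports the failure and exits.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

/* Fallbacks in case feature macros were not in effect when <sched.h> was
 * first included: unshare() is a GNU extension, and CLONE_NEWNS is the
 * kernel's flag value from <linux/sched.h>. */
int unshare(int flags);
#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000
#endif

/*
 * Parse one /proc/self/mountinfo line and report its propagation type.
 * The optional fields between the mount options and the " - " separator
 * carry "shared:N" (member of shared peer group N), "master:N" (slave of
 * group N), "propagate_from:N" or "unbindable". Only "shared:" means that
 * mounts made below this mount point propagate to the other namespaces in
 * the same peer group. Returns 1 if shared, 0 if not, -1 if malformed.
 */
int mountinfo_is_shared(const char *line)
{
    char buf[4096];                       /* assumed line-length limit */
    if (strlen(line) >= sizeof buf)
        return -1;
    strcpy(buf, line);

    char *save = NULL;
    int field = 0, shared = 0, seen_sep = 0;
    for (char *tok = strtok_r(buf, " \n", &save); tok;
         tok = strtok_r(NULL, " \n", &save), field++) {
        if (field < 6)
            continue;   /* id, parent id, major:minor, root, mount point, options */
        if (strcmp(tok, "-") == 0) {
            seen_sep = 1;
            break;
        }
        if (strncmp(tok, "shared:", 7) == 0)
            shared = 1;
    }
    return seen_sep ? shared : -1;
}

/* Scan a mountinfo stream for the mount whose mount point is `target`.
 * Returns the result of mountinfo_is_shared() for it, or -1 if absent. */
int mount_is_shared_in(FILE *fp, const char *target)
{
    char line[4096], mountpoint[256];
    while (fgets(line, sizeof line, fp)) {
        /* Fields 1-5 never contain spaces (the kernel escapes them as \040). */
        if (sscanf(line, "%*d %*d %*s %*s %255s", mountpoint) != 1)
            continue;
        if (strcmp(mountpoint, target) == 0)
            return mountinfo_is_shared(line);
    }
    return -1;
}

/* Same check over an in-memory copy of the file, for offline testing. */
int mount_is_shared_in_text(const char *text, const char *target)
{
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    if (!fp)
        return -1;
    int r = mount_is_shared_in(fp, target);
    fclose(fp);
    return r;
}

/* Is "/" in the calling process's mount namespace part of a shared peer group? */
int root_mount_is_shared(void)
{
    FILE *fp = fopen("/proc/self/mountinfo", "r");
    if (!fp)
        return -1;
    int r = mount_is_shared_in(fp, "/");
    fclose(fp);
    return r;
}

/*
 * The step newns.c was missing. unshare(CLONE_NEWNS) copies the mount tree
 * into a new namespace but keeps every mount's peer-group membership, so on
 * a system where / is shared (the systemd default) a mount made afterwards
 * still propagates back to the parent namespace. Marking the whole tree
 * MS_PRIVATE is what `unshare --mount` does by default. Needs CAP_SYS_ADMIN;
 * returns -1 with errno set on failure.
 */
int enter_private_mount_ns(void)
{
    if (unshare(CLONE_NEWNS) == -1)
        return -1;
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1)
        return -1;
    return 0;
}

int main(void)
{
    printf("/ is shared before unshare:   %d\n", root_mount_is_shared());
    if (enter_private_mount_ns() == -1) {
        perror("enter_private_mount_ns (needs CAP_SYS_ADMIN)");
        return 1;
    }
    printf("/ is shared in new namespace: %d\n", root_mount_is_shared());
    return 0;
}
```

A quick way to reproduce the original symptom without this program: from a root shell run `unshare --mount --propagation unchanged sh` (which is what a bare unshare(CLONE_NEWNS) amounts to), mount something inside it, and check `findmnt` from another terminal; with the default `unshare --mount`, which makes the tree private, the mount stays invisible outside.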

Olivier Gayot (ogayot)
Changed in os-prober (Ubuntu):
assignee: nobody → Olivier Gayot (ogayot)
Olivier Gayot (ogayot) wrote :

Adding debdiff removing the flawed newns binary and replacing it with the use of unshare. unshare --mount creates a private mount namespace by default, and it is shipped by util-linux [essential]

Changed in os-prober (Ubuntu):
assignee: Olivier Gayot (ogayot) → nobody
Olivier Gayot (ogayot) wrote :
Dan Bungert (dbungert) wrote :

It's a little bit ceremonial, but I think it is sensible to declare a relationship to the util-linux package. Recommends sounds appropriate.

Otherwise LGTM.

Dan Bungert (dbungert)
Changed in os-prober (Ubuntu):
assignee: nobody → Dan Bungert (dbungert)
status: New → In Progress
Changed in os-prober (Debian):
status: Unknown → New
Olivier Gayot (ogayot) wrote :

Hi dbungert,

Thanks for reviewing this patch.

I tried the suggested change (adding util-linux as a Recommends) but it introduces the following lintian error:

E: os-prober: depends-on-essential-package-without-using-version Recommends: util-linux

Thanks,
Olivier

Olivier Gayot (ogayot) wrote :

Adding updated debdiff that declares Recommends: util-linux (>> 2.37.2).

Dan Bungert (dbungert) wrote :

Uploaded, thanks!

Changed in os-prober (Ubuntu):
status: In Progress → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package os-prober - 1.81ubuntu3

---------------
os-prober (1.81ubuntu3) mantic; urgency=medium

  * Replace newns by unshare --mount from util-linux [essential]. This makes
    os-prober run in a private mount namespace, as it was initially intended.
    (LP: #2018271)

 -- Olivier Gayot <email address hidden> Tue, 02 May 2023 09:19:22 +0200

Changed in os-prober (Ubuntu):
status: Fix Committed → Fix Released