The resolve_dirfd_path function uses getpid to determine the location of the /proc/self/fd directory: > sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid ? : getpid(), dirfd); However, this doesn't work if /proc was mounted by a process in a different pid namespace. Possible solutions include: 1) Always create a mount namespace when creating a pid namespace, and remount /proc so that /proc/<pid> entries are always consistent with the current pid namespace. 2) Use readlink on /proc/self instead of getpid to determine the pid of self in the pid namespace of the /proc mount. 3) Use /proc/self or /dev/fd directly. This patch implements the third choice: > Signed-off-by: Zac Medico <zmedico@gentoo.org> > diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c > index 9ef13b1..a1c2f1b 100644 > --- a/libsandbox/libsandbox.c > +++ b/libsandbox/libsandbox.c > @@ -127,3 +127,10 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path, > size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0); > - sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid ? : getpid(), dirfd); > + if (trace_pid) > + sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid, dirfd); > + else > + /* If /proc was mounted by a process in a different pid namespace, > + * getpid cannot be used create a valid /proc/<pid> path. Instead > + * use sb_get_fd_dir() which works in any case. > + */ > + sprintf(resolved_path, "%s/%i", sb_get_fd_dir(), dirfd); > ssize_t ret = readlink(resolved_path, resolved_path, at_len);
Patch sent as PR: https://github.com/gentoo/sandbox/pull/1
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=fcb399f5a685f088b9f10d9d57e326ee78f9e6dd commit fcb399f5a685f088b9f10d9d57e326ee78f9e6dd Author: Zac Medico <zmedico@gentoo.org> AuthorDate: 2018-11-12 03:56:24 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-12-02 15:17:39 +0000 libsandbox: resolve_dirfd_path /proc/<pid> namespace safety If /proc was mounted by a process in a different pid namespace, getpid cannot be used create a valid /proc/<pid> path. Instead use sb_get_fd_dir() which works in any case. This implements option 3 of these choices: 1) Always create a mount namespace when creating a pid namespace, and remount /proc so that /proc/<pid> entries are always consistent with the current pid namespace. 2) Use readlink on /proc/self instead of getpid to determine the pid of self in the pid namespace of the /proc mount. 3) Use /proc/self or /dev/fd directly. Bug: https://bugs.gentoo.org/670966 Signed-off-by: Zac Medico <zmedico@gentoo.org> Closes: https://github.com/gentoo/sandbox/pull/1 Signed-off-by: Michał Górny <mgorny@gentoo.org> libsandbox/libsandbox.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e7e9b5b023472b04e5585f863580b3892b3e9f4 commit 0e7e9b5b023472b04e5585f863580b3892b3e9f4 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2018-12-02 15:35:33 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2018-12-02 15:57:00 +0000 sys-apps/sandbox: Bump to 2.14 Closes: https://bugs.gentoo.org/670966 Signed-off-by: Michał Górny <mgorny@gentoo.org> sys-apps/sandbox/Manifest | 1 + sys-apps/sandbox/sandbox-2.14.ebuild | 76 ++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+)