Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 670966

Summary: sys-apps/sandbox-2.13: resolve_dirfd_path getpid usage incompatible with /proc mounted from different pid namespace
Product: Portage Development Reporter: Zac Medico <zmedico>
Component: SandboxAssignee: Sandbox Maintainers <sandbox>
Status: RESOLVED FIXED    
Severity: normal Keywords: PATCH
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Zac Medico gentoo-dev 2018-11-12 03:47:25 UTC 
The resolve_dirfd_path function uses getpid to determine the location of the /proc/self/fd directory:

> sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid ? : getpid(), dirfd);

However, this doesn't work if /proc was mounted by a process in a different pid namespace. Possible solutions include:

1) Always create a mount namespace when creating a pid namespace, and remount /proc so that /proc/<pid> entries are always consistent with the current pid namespace.

2) Use readlink on /proc/self instead of getpid to determine the pid of self in the pid namespace of the /proc mount.

3) Use /proc/self or /dev/fd directly.

This patch implements the third choice:

> Signed-off-by: Zac Medico <zmedico@gentoo.org>
> diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
> index 9ef13b1..a1c2f1b 100644
> --- a/libsandbox/libsandbox.c
> +++ b/libsandbox/libsandbox.c
> @@ -127,3 +127,10 @@ int resolve_dirfd_path(int dirfd, const char *path, char *resolved_path,
>  	size_t at_len = resolved_path_len - 1 - 1 - (path ? strlen(path) : 0);
> -	sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid ? : getpid(), dirfd);
> +	if (trace_pid)
> +	    sprintf(resolved_path, "/proc/%i/fd/%i", trace_pid, dirfd);
> +	else
> +	    /* If /proc was mounted by a process in a different pid namespace,
> +	     * getpid cannot be used create a valid /proc/<pid> path. Instead
> +	     * use sb_get_fd_dir() which works in any case.
> +	     */
> +	    sprintf(resolved_path, "%s/%i", sb_get_fd_dir(), dirfd);
>  	ssize_t ret = readlink(resolved_path, resolved_path, at_len);
Comment 1 Zac Medico gentoo-dev 2018-11-12 04:05:48 UTC 
Patch sent as PR: https://github.com/gentoo/sandbox/pull/1
Comment 2 Larry the Git Cow gentoo-dev 2018-12-02 15:22:14 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=fcb399f5a685f088b9f10d9d57e326ee78f9e6dd

commit fcb399f5a685f088b9f10d9d57e326ee78f9e6dd
Author:     Zac Medico <zmedico@gentoo.org>
AuthorDate: 2018-11-12 03:56:24 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-12-02 15:17:39 +0000

    libsandbox: resolve_dirfd_path /proc/<pid> namespace safety
    
    If /proc was mounted by a process in a different pid namespace,
    getpid cannot be used create a valid /proc/<pid> path. Instead
    use sb_get_fd_dir() which works in any case. This implements
    option 3 of these choices:
    
    1) Always create a mount namespace when creating a pid namespace,
       and remount /proc so that /proc/<pid> entries are always consistent
       with the current pid namespace.
    
    2) Use readlink on /proc/self instead of getpid to determine the pid
       of self in the pid namespace of the /proc mount.
    
    3) Use /proc/self or /dev/fd directly.
    
    Bug: https://bugs.gentoo.org/670966
    Signed-off-by: Zac Medico <zmedico@gentoo.org>
    Closes: https://github.com/gentoo/sandbox/pull/1
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 libsandbox/libsandbox.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2018-12-02 15:57:11 UTC 
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e7e9b5b023472b04e5585f863580b3892b3e9f4

commit 0e7e9b5b023472b04e5585f863580b3892b3e9f4
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: 2018-12-02 15:35:33 +0000
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: 2018-12-02 15:57:00 +0000

    sys-apps/sandbox: Bump to 2.14
    
    Closes: https://bugs.gentoo.org/670966
    Signed-off-by: Michał Górny <mgorny@gentoo.org>

 sys-apps/sandbox/Manifest            |  1 +
 sys-apps/sandbox/sandbox-2.14.ebuild | 76 ++++++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+)