[libvirt] [PATCH 0/2] fail out if enable userns but disable netns

Chen Hanxiao (2):
  Revert "LXC: create a bind mount for sysfs when enable userns but disable netns"
  LXC: make sure netns been enabled when trying to enable userns

 src/lxc/lxc_container.c | 45 ++++++++++++++++-----------------------------
 1 file changed, 16 insertions(+), 29 deletions(-)

-- 
2.1.0

This reverts commit a86b6215a74b1feb2667204e214fbfd2f7decc5c. Discussed at: http://www.redhat.com/archives/libvir-list/2015-March/msg01023.html Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> Conflicts: src/lxc/lxc_container.c --- src/lxc/lxc_container.c | 43 ++++++++++--------------------------------- 1 file changed, 10 insertions(+), 33 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index cc20b6d..e34968a 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -934,8 +934,6 @@ static int lxcContainerMountBasicFS(bool userns_enabled, { size_t i; int rc = -1; - char* mnt_src = NULL; - int mnt_mflags; VIR_DEBUG("Mounting basic filesystems"); @@ -943,23 +941,8 @@ static int lxcContainerMountBasicFS(bool userns_enabled, bool bindOverReadonly; virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; - /* When enable userns but disable netns, kernel will - * forbid us doing a new fresh mount for sysfs. - * So we had to do a bind mount for sysfs instead. - */ - if (userns_enabled && netns_disabled && - STREQ(mnt->src, "sysfs")) { - if (VIR_STRDUP(mnt_src, "/sys") < 0) - goto cleanup; - mnt_mflags = MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY|MS_BIND; - } else { - if (VIR_STRDUP(mnt_src, mnt->src) < 0) - goto cleanup; - mnt_mflags = mnt->mflags; - } - VIR_DEBUG("Processing %s -> %s", - mnt_src, mnt->dst); + mnt->src, mnt->dst); if (mnt->skipUnmounted) { char *hostdir; 
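Review bot: the commit message says this reverts a86b6215a74b1feb2667204e214fbfd2f7decc5c, but the hunk only drops the `mnt_src`/`mnt_mflags` locals and the sysfs bind-mount branch; the `netns_disabled` parameter of `lxcContainerMountBasicFS` (still present in the hunk header signature and still tested in the `mnt->skipNoNetns && netns_disabled` check of the following hunk) is kept, so this is a partial revert and the message should say which parts of the original commit are intentionally retained. The bare `Conflicts: src/lxc/lxc_container.c` line also gives no hint whether the conflict was context only or a behavioural change; a short qualifier such as `Conflicts: src/lxc/lxc_container.c - context only` would make that clear.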
@@ -976,28 +959,24 @@ static int lxcContainerMountBasicFS(bool userns_enabled, if (ret == 0) { VIR_DEBUG("Skipping '%s' which isn't mounted in host", mnt->dst); - VIR_FREE(mnt_src); continue; } } if (mnt->skipUserNS && userns_enabled) { VIR_DEBUG("Skipping due to user ns enablement"); - VIR_FREE(mnt_src); continue; } /* Skip mounts with missing source without shouting: it may be a * missing folder in /proc due to the absence of a kernel feature */ - if (STRPREFIX(mnt_src, "/") && !virFileExists(mnt_src)) { - VIR_DEBUG("Skipping due to missing source: %s", mnt_src); - VIR_FREE(mnt_src); + if (STRPREFIX(mnt->src, "/") && !virFileExists(mnt->src)) { + VIR_DEBUG("Skipping due to missing source: %s", mnt->src); continue; } if (mnt->skipNoNetns && netns_disabled) { VIR_DEBUG("Skipping due to absence of network namespace"); - VIR_FREE(mnt_src); continue; } 
@@ -1015,35 +994,33 @@ static int lxcContainerMountBasicFS(bool userns_enabled, * we mount the filesystem in read-write mode initially, and then do a * separate read-only bind mount on top of that. */ - bindOverReadonly = !!(mnt_mflags & MS_RDONLY); + bindOverReadonly = !!(mnt->mflags & MS_RDONLY); VIR_DEBUG("Mount %s on %s type=%s flags=%x", - mnt_src, mnt->dst, mnt->type, mnt_mflags & ~MS_RDONLY); - if (mount(mnt_src, mnt->dst, mnt->type, mnt_mflags & ~MS_RDONLY, NULL) < 0) { + mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY); + if (mount(mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY, NULL) < 0) { virReportSystemError(errno, _("Failed to mount %s on %s type %s flags=%x"), - mnt_src, mnt->dst, NULLSTR(mnt->type), - mnt_mflags & ~MS_RDONLY); + mnt->src, mnt->dst, NULLSTR(mnt->type), + mnt->mflags & ~MS_RDONLY); goto cleanup; } if (bindOverReadonly && - mount(mnt_src, mnt->dst, NULL, + mount(mnt->src, mnt->dst, NULL, MS_BIND|MS_REMOUNT|MS_RDONLY, NULL) < 0) { virReportSystemError(errno, _("Failed to re-mount %s on %s flags=%x"), - mnt_src, mnt->dst, + mnt->src, mnt->dst, MS_BIND|MS_REMOUNT|MS_RDONLY); goto cleanup; } - VIR_FREE(mnt_src); } rc = 0; cleanup: - VIR_FREE(mnt_src); VIR_DEBUG("rc=%d", rc); return rc; } -- 2.1.0
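Review bot: with the bind-mount fallback gone, the `mount(mnt->src, mnt->dst, mnt->type, mnt->mflags & ~MS_RDONLY, NULL)` call in this hunk is now reached for sysfs even when user namespaces are enabled and the network namespace is disabled, the exact case the comment removed in the first hunk says the kernel refuses; until 2/2 is applied the user only gets the generic `Failed to mount %s on %s type %s flags=%x` system error instead of a configuration error. Either note in the commit message that this intermediate state is intentional and the series must be applied together, or fold the rejection check from 2/2 into this patch.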

On Sun, Mar 22, 2015 at 11:46:22PM -0400, Chen Hanxiao wrote:
This reverts commit a86b6215a74b1feb2667204e214fbfd2f7decc5c.
Only partially. I think it should also revert the netns_disabled argument, see my reply to patch 2/2.
Discussed at: http://www.redhat.com/archives/libvir-list/2015-March/msg01023.html
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Conflicts: src/lxc/lxc_container.c
It would be helpful to list the conflicts here (though it looks like it was just context).

Jan

Hi, Jan
-----Original Message-----
From: Ján Tomko [mailto:jtomko@redhat.com]
Sent: Tuesday, April 07, 2015 6:52 PM
To: Chen, Hanxiao/陈 晗霄
Cc: libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH 1/2] Revert "LXC: create a bind mount for sysfs when enable userns but disable netns"
On Sun, Mar 22, 2015 at 11:46:22PM -0400, Chen Hanxiao wrote:
This reverts commit a86b6215a74b1feb2667204e214fbfd2f7decc5c.
Only partially. I think it should also revert the netns_disabled argument, see my reply to patch 2/2.
Discussed at: http://www.redhat.com/archives/libvir-list/2015-March/msg01023.html
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Conflicts: src/lxc/lxc_container.c
It would be helpful to list the conflicts here (though it looks like it was just context).
You mean all context in
<<<<<<< HEAD
=======
>>>>>>> parent of
should be posted?
There is also some code that depends on this patch; should it go in a separate patch, or be modified in this revert patch?

Regards,
- Chen

On Wed, Apr 08, 2015 at 07:54:51AM +0000, Chen, Hanxiao wrote:
Hi, Jan
-----Original Message-----
From: Ján Tomko [mailto:jtomko@redhat.com]
Sent: Tuesday, April 07, 2015 6:52 PM
To: Chen, Hanxiao/陈 晗霄
Cc: libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH 1/2] Revert "LXC: create a bind mount for sysfs when enable userns but disable netns"
On Sun, Mar 22, 2015 at 11:46:22PM -0400, Chen Hanxiao wrote:
This reverts commit a86b6215a74b1feb2667204e214fbfd2f7decc5c.
Only partially. I think it should also revert the netns_disabled argument, see my reply to patch 2/2.
Discussed at: http://www.redhat.com/archives/libvir-list/2015-March/msg01023.html
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
Conflicts: src/lxc/lxc_container.c
It would be helpful to list the conflicts here (though it looks like it was just context).
You mean all context in
<<<<<<< HEAD
=======
>>>>>>> parent of
should be posted?
If you only had to move the lines around, writing Conflicts: src/lxc/lxc_container.c - context should be enough. If you had to change them (variables/structures/functions have been renamed since, or their behavior changed), it's nice to mention them.
There is also some code that depends on this patch; should it go in a separate patch, or be modified in this revert patch?
If they depend on parts of the original commit a86b621, it's okay to do a partial revert (if you say that in the commit message).

Jan

Discussed at: http://www.redhat.com/archives/libvir-list/2015-March/msg01023.html Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> --- src/lxc/lxc_container.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index e34968a..69a8f2f 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -941,6 +941,16 @@ static int lxcContainerMountBasicFS(bool userns_enabled, bool bindOverReadonly; virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i]; + /* When enable userns but disable netns, kernel will + * forbid us doing a new fresh mount for sysfs for security reason. + * So we should not allow this. + */ + if (userns_enabled && netns_disabled) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Userns could not be enabled without netns")); + goto cleanup; + } + VIR_DEBUG("Processing %s -> %s", mnt->src, mnt->dst); -- 2.1.0
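Review bot: the new `if (userns_enabled && netns_disabled)` check is placed inside the loop body, directly after `virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i];`, yet it depends only on the two function arguments, so it is re-evaluated on every iteration over `lxcBasicMounts` and can only ever fire on the first one; hoist it above the loop or, better, reject the combination when the domain definition is validated before any container setup starts, so the user gets `VIR_ERR_CONFIG_UNSUPPORTED` at define/start time rather than part-way through the mount sequence. Two wording points in the same hunk: the comment's `for security reason` should read `for security reasons`, and the user-visible `Userns could not be enabled without netns` reads more naturally as `User namespaces cannot be enabled without a network namespace`.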

On Sun, Mar 22, 2015 at 11:46:23PM -0400, Chen Hanxiao wrote:
Discussed at: http://www.redhat.com/archives/libvir-list/2015-March/msg01023.html
Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com> --- src/lxc/lxc_container.c | 10 ++++++++++ 1 file changed, 10 insertions(+)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index e34968a..69a8f2f 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -941,6 +941,16 @@ static int lxcContainerMountBasicFS(bool userns_enabled, bool bindOverReadonly; virLXCBasicMountInfo const *mnt = &lxcBasicMounts[i];
+ /* When enable userns but disable netns, kernel will + * forbid us doing a new fresh mount for sysfs for security reason. + * So we should not allow this. + */ + if (userns_enabled && netns_disabled) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("Userns could not be enabled without netns")); + goto cleanup; + } +
These bools are just the idmap.nuidmap and nnets values from vmDef, so this only depends on the domain definition. I think we can reject this configuration much sooner, for example in lxcContainerStart.

Jan

-----Original Message-----
From: libvir-list-bounces@redhat.com [mailto:libvir-list-bounces@redhat.com] On Behalf Of Chen Hanxiao
Sent: Monday, March 23, 2015 11:46 AM
To: libvir-list@redhat.com
Subject: [libvirt] [PATCH 0/2] fail out if enable userns but disable netns
Chen Hanxiao (2):
  Revert "LXC: create a bind mount for sysfs when enable userns but disable netns"
  LXC: make sure netns been enabled when trying to enable userns
src/lxc/lxc_container.c | 45 ++++++++++++++++----------------------------- 1 file changed, 16 insertions(+), 29 deletions(-)
ping

Regards,
- Chen

-----Original Message-----
From: Chen, Hanxiao/陈 晗霄
Sent: Thursday, March 26, 2015 10:49 AM
To: Chen, Hanxiao/陈 晗霄; libvir-list@redhat.com
Subject: RE: [libvirt] [PATCH 0/2] fail out if enable userns but disable netns

-----Original Message-----
From: libvir-list-bounces@redhat.com [mailto:libvir-list-bounces@redhat.com] On Behalf Of Chen Hanxiao
Sent: Monday, March 23, 2015 11:46 AM
To: libvir-list@redhat.com
Subject: [libvirt] [PATCH 0/2] fail out if enable userns but disable netns
Chen Hanxiao (2):
  Revert "LXC: create a bind mount for sysfs when enable userns but disable netns"
  LXC: make sure netns been enabled when trying to enable userns
src/lxc/lxc_container.c | 45 ++++++++++++++++----------------------------- 1 file changed, 16 insertions(+), 29 deletions(-)
ping
ping

Regards,
- Chen