GNU bug report logs - #43673: [PATCH] linux-container: Reset jailed root permissions.
Reported by: Jelle Licht <jlicht <at> fsfe.org>
Date: Mon, 28 Sep 2020 14:35:02 UTC
Severity: normal
Tags: patch
Done: Jelle Licht <jlicht <at> fsfe.org>
Bug is archived. No further changes may be made.
Report forwarded to guix-patches <at> gnu.org: bug#43673; Package guix-patches. (Mon, 28 Sep 2020 14:35:02 GMT)
Acknowledgement sent to Jelle Licht <jlicht <at> fsfe.org>: New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Mon, 28 Sep 2020 14:35:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
* gnu/build/linux-container.scm (mount-file-systems): Add 'chmod' call.
---
gnu/build/linux-container.scm | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 2d4de788df..4a8bed5a9a 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -170,7 +170,8 @@ for the process."
(pivot-root root put-old)
(chdir "/")
(umount "real-root" MNT_DETACH)
- (rmdir "real-root")))
+ (rmdir "real-root")
+ (chmod "/" #o755)))
(define* (initialize-user-namespace pid host-uids
#:key (guest-uid 0) (guest-gid 0))
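Review bot: the new (chmod "/" #o755) at the end of the pivot-root sequence comes without a test; the diffstat shows only gnu/build/linux-container.scm changing. A test that reads the mode of "/" from inside a container with a mnt namespace would pin this behaviour and catch a regression if the call is later moved or dropped.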
--
2.28.0
Information forwarded to guix-patches <at> gnu.org: bug#43673; Package guix-patches. (Tue, 29 Sep 2020 20:29:01 GMT)
Message #8 received at 43673 <at> debbugs.gnu.org (full text, mbox):
Hi,
Jelle Licht <jlicht <at> fsfe.org> skribis:
> * gnu/build/linux-container.scm (mount-file-systems): Add 'chmod' call.
Well done! Could you add a test checking (stat:perms (lstat "/")) in
tests/containers.scm?
Thanks,
Ludo’.
Information forwarded to guix-patches <at> gnu.org: bug#43673; Package guix-patches. (Tue, 29 Sep 2020 21:26:01 GMT)
Message #11 received at 43673 <at> debbugs.gnu.org (full text, mbox):
* gnu/build/linux-container.scm (mount-file-systems): Add 'chmod' call.
* tests/containers.scm
("call-with-container, mnt namespace, root permissions"): New test.
---
gnu/build/linux-container.scm | 3 ++-
tests/containers.scm | 8 ++++++++
2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 2d4de788df..4a8bed5a9a 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -170,7 +170,8 @@ for the process."
(pivot-root root put-old)
(chdir "/")
(umount "real-root" MNT_DETACH)
- (rmdir "real-root")))
+ (rmdir "real-root")
+ (chmod "/" #o755)))
(define* (initialize-user-namespace pid host-uids
#:key (guest-uid 0) (guest-gid 0))
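Review bot: the (chmod "/" #o755) line has no comment saying why the root's mode must be reset after pivot-root, or why 755 is the right value, and the log entry only says "Add 'chmod' call". A one-line comment above the call giving the reason would keep a later refactoring from removing it as redundant.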
diff --git a/tests/containers.scm b/tests/containers.scm
index 7b63e5c108..608902c41a 100644
--- a/tests/containers.scm
+++ b/tests/containers.scm
@@ -133,6 +133,14 @@
(lambda ()
(primitive-exit 0)))))
+(skip-if-unsupported)
+(test-assert "call-with-container, mnt namespace, root permissions"
+ (zero?
+ (call-with-container '()
+ (lambda ()
+ (assert-exit (= #o755 (stat:perms (lstat "/")))))
+ #:namespaces '(user mnt))))
+
(skip-if-unsupported)
(test-assert "container-excursion"
(call-with-temporary-directory
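Review bot: in the new "root permissions" test, assert-exit reduces the check to an exit status that zero? then tests, so a failure will not show which mode "/" actually had. Writing the observed (stat:perms (lstat "/")) to the error port before exiting would make a failing run diagnosable from the test log.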
--
2.28.0
Information forwarded to guix-patches <at> gnu.org: bug#43673; Package guix-patches. (Thu, 01 Oct 2020 09:36:01 GMT)
Message #14 received at 43673 <at> debbugs.gnu.org (full text, mbox):
Hi,
Jelle Licht <jlicht <at> fsfe.org> skribis:
> * gnu/build/linux-container.scm (mount-file-systems): Add 'chmod' call.
> * tests/containers.scm
> ("call-with-container, mnt namespace, root permissions"): New test.
LGTM, thanks!
Ludo’.
Reply sent to Jelle Licht <jlicht <at> fsfe.org>: You have taken responsibility. (Thu, 01 Oct 2020 11:49:02 GMT)
Notification sent to Jelle Licht <jlicht <at> fsfe.org>: bug acknowledged by developer. (Thu, 01 Oct 2020 11:49:02 GMT)
Message #19 received at 43673-done <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludo <at> gnu.org> writes:
> Hi,
>
> Jelle Licht <jlicht <at> fsfe.org> skribis:
>
>> * gnu/build/linux-container.scm (mount-file-systems): Add 'chmod' call.
>> * tests/containers.scm
>> ("call-with-container, mnt namespace, root permissions"): New test.
>
> LGTM, thanks!
>
> Ludo’.
Pushed as e7481835 on master, thanks for the fast review!
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 30 Oct 2020 11:24:11 GMT)