mount_proc_if_needed: only safe mount when rootfs is defined

The safe_mount function was introduced in order to address CVE-2015-1335, one of the vulnerabilities being a mount with a symlink for the destination path. In scenarios such as lxc-execute with no rootfs, the destination path is the host /proc, which is previously mounted by the host, and is unmounted and mounted again in a new set of namespaces, therefore eliminating the need to check for it being a symlink. Mount the rootfs normally if the rootfs is NULL, keep the safe mount only for scenarios where a different rootfs is defined. Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
2025-07-27 09:48:32 +00:00 · 2016-01-20 10:53:57 +00:00 · 2016-01-20 10:53:57 +00:00 · f267d6668e
commit f267d6668e
parent 37cf83ea15
2 changed files with 10 additions and 1 deletions
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@ -3509,6 +3509,7 @@ int ttys_shift_ids(struct lxc_conf *c)
 	return 0;
 }

+/* NOTE: not to be called from inside the container namespace! */
 int tmp_proc_mount(struct lxc_conf *lxc_conf)
 {
 	int mounted;
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@ -1704,6 +1704,8 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
 *
 * Returns < 0 on failure, 0 if the correct proc was already mounted
 * and 1 if a new proc was mounted.
+ *
+ * NOTE: not to be called from inside the container namespace!
 */
 int mount_proc_if_needed(const char *rootfs)
 {
@ -1737,8 +1739,14 @@ int mount_proc_if_needed(const char *rootfs)
 	return 0;

 domount:
-	if (safe_mount("proc", path, "proc", 0, NULL, rootfs) < 0)
+	if (!strcmp(rootfs,"")) /* rootfs is NULL */
+		ret = mount("proc", path, "proc", 0, NULL);
+	else
+		ret = safe_mount("proc", path, "proc", 0, NULL, rootfs);
+
+	if (ret < 0)
 		return -1;
+
 	INFO("Mounted /proc in container for security transition");
 	return 1;
 }