From mboxrd@z Thu Jan 1 00:00:00 1970
From: Stefano Brivio
To: passt-dev@passt.top
Subject: Re: [PATCH v2 04/10] Safer handling if we can't open /proc/self/uid_map
Date: Fri, 09 Sep 2022 16:33:52 +0200
Message-ID: <20220909163352.50b566ab@elisabeth>
In-Reply-To: <20220908035907.1750314-5-david@gibson.dropbear.id.au>

On Thu, 8 Sep 2022 13:59:01 +1000
David Gibson wrote:

> passt is allowed to run as "root" (UID 0) in a user namespace, but not as
> real root in the init namespace. We read /proc/self/uid_map to determine
> if we're in the init namespace or not.
>
> If we're unable to open /proc/self/uid_map we assume we're ok and continue
> running as UID 0. This seems unwise: AFAIK the only instance in which
> uid_map won't be available is if we're running on a kernel which doesn't
> support user namespaces, in which case we won't be able to sandbox
> ourselves as we want and fail anyway.

Well, if user namespaces are not supported and the UID is 0, then we're
actually running as root, so we should quit anyway.

> If there are other circumstances
> where it can't be opened it seems marginally more likely that we *are*
> in the init namespace.

That could also happen if procfs is not mounted, but I'm not sure what
would work then.

> Therefore, fail with an error in this case, instead of carrying on.

Yes, absolutely.

-- 
Stefano