On Fri, Sep 09, 2022 at 04:33:52PM +0200, Stefano Brivio wrote:
> On Thu, 8 Sep 2022 13:59:01 +1000
> David Gibson wrote:
>
> > passt is allowed to run as "root" (UID 0) in a user namespace, but not as
> > real root in the init namespace. We read /proc/self/uid_map to determine
> > if we're in the init namespace or not.
> >
> > If we're unable to open /proc/self/uid_map we assume we're ok and continue
> > running as UID 0. This seems unwise: AFAIK the only instance in which
> > uid_map won't be available is if we're running on a kernel which doesn't
> > support user namespaces, in which case we won't be able to sandbox
> > ourselves as we want and fail anyway.
>
> Well, if user namespaces are not supported and the UID is 0, then we're
> actually running as root, so we should quit anyway.

Right, that's kind of the whole point of this patch, but it's a bit
obscured in the wording here because I realized we'd actually fail later
anyway.

> > If there are other circumstances
> > where it can't be opened it seems marginally more likely that we *are*
> > in the init namespace.
>
> That could also happen if procfs is not mounted, but I'm not sure what
> would work then.

True. I'll reword the commit message to make both points clearer.

> > Therefore, fail with an error in this case, instead of carrying on.
>
> Yes, absolutely.

--
David Gibson | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_
| _way_ _around_!
http://www.ozlabs.org/~dgibson