Skip to content

Commit

Permalink
runsc:gofer: don't mount a new proc instance
Browse files Browse the repository at this point in the history 
If the existing proc instance has over-mounted areas, it can be
inpossible to mount a new /proc instance (look at SB_I_USERNS_VISIBLE
for more details).

Actually, runsc-gofer needs /proc just to open /proc/self/fd and to read
a few generic files, so it doesn't need a proc instance of the target
pid namespace.
  • Loading branch information
@avagin
avagin committed Dec 11, 2023
1 parent 43d1baa commit 063ee51
Showing 1 changed file with 12 additions and 9 deletions.
21 changes: 12 additions & 9 deletions runsc/cmd/gofer.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -383,24 +383,27 @@ func (g *Gofer) setupRootFS(spec *specs.Spec, conf *config.Config) error {
// We need a directory to construct a new root and we know that
// runsc can't start without /proc, so we can use it for this.
flags := uintptr(unix.MS_NOSUID | unix.MS_NODEV | unix.MS_NOEXEC)
if err := specutils.SafeMount("runsc-root", "/proc", "tmpfs", flags, "", procPath); err != nil {
if err := specutils.SafeMount("runsc-root", "/sys", "tmpfs", flags, "", procPath); err != nil {
util.Fatalf("error mounting tmpfs: %v", err)
}

// Prepare tree structure for pivot_root(2).
if err := os.Mkdir("/proc/proc", 0755); err != nil {
util.Fatalf("error creating /proc/proc: %v", err)
if err := os.Mkdir("/sys/proc", 0755); err != nil {
util.Fatalf("error creating /sys/proc: %v", err)
}
if err := os.Mkdir("/proc/root", 0755); err != nil {
util.Fatalf("error creating /proc/root: %v", err)
if err := os.Mkdir("/sys/root", 0755); err != nil {
util.Fatalf("error creating /sys/root: %v", err)
}
if err := os.Mkdir("/proc/etc", 0755); err != nil {
util.Fatalf("error creating /proc/etc: %v", err)
if err := os.Mkdir("/sys/etc", 0755); err != nil {
util.Fatalf("error creating /sys/etc: %v", err)
}
// This cannot use SafeMount because there's no available procfs. But we
// know that /proc is an empty tmpfs mount, so this is safe.
if err := unix.Mount("runsc-proc", "/proc/proc", "proc", flags|unix.MS_RDONLY, ""); err != nil {
util.Fatalf("error mounting proc: %v", err)
if err := unix.Mount("/proc", "/sys/proc", "", flags|unix.MS_RDONLY|unix.MS_BIND|unix.MS_REC, ""); err != nil {
util.Fatalf("error mounting /sys/proc: %v", err)
}
if err := unix.Mount("/sys", "/proc", "", unix.MS_MOVE, ""); err != nil {
util.Fatalf("error mounting /proc: %v", err)
}
// self/fd is bind-mounted, so that the FD return by
// OpenProcSelfFD() does not allow escapes with walking ".." .
Expand Down

0 comments on commit 063ee51

Please sign in to comment.