[policycoreutils] Fix the handling of namespaces in seunshare/sandbox. Currently mounting of directories within sandbo
Daniel J Walsh
dwalsh at fedoraproject.org
Fri Dec 23 10:08:42 UTC 2011
commit 42e269dd3c4a7e9b2b3182c2691acbadef7e1d86
Author: Dan Walsh <dwalsh at redhat.com>
Date: Fri Dec 23 10:08:38 2011 +0000
Fix the handling of namespaces in seunshare/sandbox.
Currently mounting of directories within sandbox is propagating to the
parent namespace.
policycoreutils-rhat.patch | 91 ++++++++++++++++++++++++++++----------------
policycoreutils.spec | 7 +++-
2 files changed, 64 insertions(+), 34 deletions(-)
---
diff --git a/policycoreutils-rhat.patch b/policycoreutils-rhat.patch
index f73410d..19ffd0b 100644
--- a/policycoreutils-rhat.patch
+++ b/policycoreutils-rhat.patch
@@ -81,47 +81,72 @@ index 9db766c..92034be 100644
* Do not execvp the command directly from run_init; since it would run
* under with a pty under sysadm_devpts_t. Instead, we call open_init_tty,
diff --git a/policycoreutils/sandbox/seunshare.c b/policycoreutils/sandbox/seunshare.c
-index c493e98..0bc35f3 100644
+index c493e98..902792e 100644
--- a/policycoreutils/sandbox/seunshare.c
+++ b/policycoreutils/sandbox/seunshare.c
-@@ -59,7 +59,7 @@ static int verbose = 0;
- static int child = 0;
-
- static capng_select_t cap_set = CAPNG_SELECT_BOTH;
--
-+static int var_tmp_mounted = 0;
- /**
- * This function will drop all capabilities.
+@@ -43,8 +43,8 @@
+ #define MS_REC 1<<14
+ #endif
+
+-#ifndef MS_PRIVATE
+-#define MS_PRIVATE 1<<18
++#ifndef MS_SLAVE
++#define MS_SLAVE 1<<19
+ #endif
+
+ #ifndef PACKAGE
+@@ -255,7 +255,7 @@ static int verify_shell(const char *shell_name)
*/
-@@ -292,6 +292,8 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
- fprintf(stderr, _("Failed to mount /var/tmp on /var/tmp: %s\n"), strerror(errno));
+ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st)
+ {
+- int flags = MS_REC;
++ int flags = 0;
+ int is_tmp = 0;
+
+ if (verbose)
+@@ -267,14 +267,6 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
+ }
+
+ /* mount directory */
+- if (mount(dst, dst, NULL, MS_BIND | flags, NULL) < 0) {
+- fprintf(stderr, _("Failed to mount %s on %s: %s\n"), dst, dst, strerror(errno));
+- return -1;
+- }
+- if (mount(dst, dst, NULL, MS_PRIVATE | flags, NULL) < 0) {
+- fprintf(stderr, _("Failed to make %s private: %s\n"), dst, strerror(errno));
+- return -1;
+- }
+ if (mount(src, dst, NULL, MS_BIND | flags, NULL) < 0) {
+ fprintf(stderr, _("Failed to mount %s on %s: %s\n"), src, dst, strerror(errno));
+ return -1;
+@@ -288,14 +280,6 @@ static int seunshare_mount(const char *src, const char *dst, struct stat *src_st
+ if (verbose)
+ printf(_("Mounting /tmp on /var/tmp\n"));
+
+- if (mount("/var/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
+- fprintf(stderr, _("Failed to mount /var/tmp on /var/tmp: %s\n"), strerror(errno));
+- return -1;
+- }
+- if (mount("/var/tmp", "/var/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
+- fprintf(stderr, _("Failed to make /var/tmp private: %s\n"), strerror(errno));
+- return -1;
+- }
+ if (mount("/tmp", "/var/tmp", NULL, MS_BIND | flags, NULL) < 0) {
+ fprintf(stderr, _("Failed to mount /tmp on /var/tmp: %s\n"), strerror(errno));
return -1;
+@@ -967,6 +951,13 @@ int main(int argc, char **argv) {
+ goto childerr;
}
-+ var_tmp_mounted = 1;
-+
- if (mount("/var/tmp", "/var/tmp", NULL, MS_PRIVATE | flags, NULL) < 0) {
- fprintf(stderr, _("Failed to make /var/tmp private: %s\n"), strerror(errno));
- return -1;
-@@ -1031,12 +1033,18 @@ childerr:
- exit(-1);
- }
-- drop_caps();
--
- /* parent waits for child exit to do the cleanup */
- waitpid(child, &status, 0);
- status_to_retval(status, status);
-
-+ if (var_tmp_mounted) {
-+ /* attempt to umount /var/tmp twice on exit */
-+ if (umount("/var/tmp") < 0) perror("umount /var/tmp");
-+ if (umount("/var/tmp") < 0) perror("umount /var/tmp");
-+ }
-+
-+ drop_caps();
++ /* Remount / as SLAVE so that nothing mounted in the namespace
++ shows up in the parent */
++ if (mount("/", "/", NULL, MS_SLAVE | MS_REC , NULL) < 0) {
++ fprintf(stderr, _("Failed to make / a SLAVE mountpoint\n"));
++ goto childerr;
++ }
+
- /* Make sure all child processes exit */
- kill(-child,SIGTERM);
+ /* assume fsuid==ruid after this point */
+ setfsuid(uid);
diff --git a/policycoreutils/scripts/genhomedircon b/policycoreutils/scripts/genhomedircon
index ab696a7..58b19cd 100644
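Review bot: The comment on the new `mount("/", "/", NULL, MS_SLAVE | MS_REC , NULL)` call in main() documents only one direction of propagation: a slave mount still receives mount and unmount events from the parent namespace, and this hunk also removes the per-directory MS_PRIVATE remounts from seunshare_mount(), so nothing visible here isolates the sandbox from later host-side mount changes. If that is the intended behaviour, the comment should say so, for example `/* Remount / as SLAVE: mounts made here stay out of the parent, but mounts made in the parent still propagate into the sandbox */`. The failure message for this call is also the only mount diagnostic in the hunk that omits the errno text; `fprintf(stderr, _("Failed to make / a SLAVE mountpoint: %s\n"), strerror(errno));` would match the others. Both main() and seunshare_mount() continue outside the hunk, so whether this remount runs directly after the namespace is unshared cannot be confirmed from here.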
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 4cd2c09..a89dbf8 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
Summary: SELinux policy core utilities
Name: policycoreutils
Version: 2.1.10
-Release: 3%{?dist}
+Release: 4%{?dist}
License: GPLv2
Group: System Environment/Base
# Based on git repository with tag 20101221
@@ -356,6 +356,11 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog
+* Fri Dec 23 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.10-4
+- Fix the handling of namespaces in seunshare/sandbox.
+- Currently mounting of directories within sandbox is propogating to the
+- parent namesspace.
+
* Thu Dec 22 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.10-3
- Add umount code to seunshare to cleanup left over mounts of /var/tmp