Bug in ensure_not_symlink() from 0003-CVE-2015-1335.patch
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| lxc (Ubuntu) | Invalid | High | Unassigned | |
| Trusty | Fix Released | High | Unassigned | |
Bug Description
=======
SRU Justification
Impact: cannot start containers with lxc.mount.entries which are recursive bind mounts
Regression potential: this makes assumptions about the ordering of /proc/self/
Test case:
```sh
#!/bin/sh
set -ex
cleanup() {
umount /mnt/etc /mnt/proc || true
lxc-stop -n t1 -k || true
lxc-destroy -n t1 || true
}
trap cleanup EXIT
mkdir -p /mnt/etc /mnt/proc
mount --bind /etc /mnt/etc
mount --bind /proc /mnt/proc
lxc-create -t download -n t1 -- -d ubuntu -r trusty -a amd64
cat >> /var/lib/
lxc.mount.entry = /mnt hostmnt none rbind,create=dir
EOF
lxc-start -n t1 -F -l trace -o /dev/stdout
echo "DONE"
```
=======
This bug/limitation is present in lxc from 1.0.7-0ubuntu0.5 through 1.0.7-0ubuntu0.9 (or anything that incorporates 0003-CVE-
ensure_not_symlink: 1413 Mount onto /usr/lib/
Sorry if this is a duplicate, I did spend quite some time trying to find a similar report.
Thanks!
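The SRU text flags an ordering assumption about /proc/self/ (taken here to be /proc/self/mountinfo, which is an assumption) as the regression risk. As an added example, not the reporter's or the lxc patch's code, here is a mountinfo lookup that does not depend on line order, beside an order-dependent one that misresolves a path under the rbind from the test case; the mountinfo lines are constructed.

```python
import re
# Constructed /proc/self/mountinfo excerpt (not captured from the reporter's
# system): the rbind of /mnt gives one line for /mnt and one per submount,
# and their relative order is deliberately shuffled here.
# Fields: id parent maj:min root mount_point opts [optional...] - fstype source superopts
SAMPLE_MOUNTINFO = """\
25 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
40 39 8:1 /etc /mnt/etc rw,relatime - ext4 /dev/sda1 rw
41 39 0:4 / /mnt/proc rw,nosuid,nodev,noexec - proc proc rw
39 25 8:1 /mnt /mnt rw,relatime - ext4 /dev/sda1 rw
42 25 8:1 /srv /mnt/with\\040space rw,relatime - ext4 /dev/sda1 rw
"""

def _unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """One dict per well-formed mountinfo line, kept in file order."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields[6:]:
            continue  # blank or malformed line
        sep = fields.index("-", 6)  # optional fields end at the "-" marker
        mounts.append({"id": int(fields[0]), "parent": int(fields[1]),
                       "root": _unescape(fields[3]),
                       "mount_point": _unescape(fields[4]),
                       "fstype": fields[sep + 1]})
    return mounts

def _covers(mount_point, path):
    # A mount point covers itself and everything below it; "/" covers all.
    return (mount_point == "/" or path == mount_point
            or path.startswith(mount_point + "/"))

def last_match(mounts, path):
    """Order-dependent lookup: last line covering path, assuming later lines
    are newer mounts.  Wrong once a submount line precedes its parent."""
    found = None
    for m in mounts:
        if _covers(m["mount_point"], path):
            found = m
    return found

def backing_mount(mounts, path):
    """Order-independent lookup: the longest mount point covering path is the
    mount the kernel resolves the path through, whatever the line order."""
    hits = [m for m in mounts if _covers(m["mount_point"], path)]
    return max(hits, key=lambda m: len(m["mount_point"]), default=None)
```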
Changed in lxc (Ubuntu Trusty):
importance: Undecided → High

Changed in lxc (Ubuntu):
status: Confirmed → Fix Released
description: updated
tags: added: verification-done; removed: verification-needed
Thanks - haven't tested, but it certainly makes sense.
status: confirmed
importance: high