kernel-packages team mailing list archive

Thread
Date

[Bug 1582378] Re: Unsharing user and ipc namespaces simultaneously makes mqueue unmountable

To: kernel-packages@xxxxxxxxxxxxxxxxxxx
From: Seth Forshee <seth.forshee+lp@xxxxxxxxxxxxx>
Date: Mon, 16 May 2016 21:26:19 -0000
Reply-to: Bug 1582378 <1582378@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Description changed:

  Impact: When the ipc and user namespaces are unshared in a single system
  call mqueue will do an internal mount of the new mqueue super block
  before the new user namespace is installed. This results in s_user_ns
  being set to the parent user ns, however the new ipc ns is owned by the
  new user ns. Attempting to mount the mqueue filesystem in the new user
  ns results in EBUSY when it should succeed. This breaks docker when user
  namespace support is enabled.
  
  Fix: Use the ipc namespace's owner for s_user_ns for all mqueue mounts.
  Since mqueue already checks that the user has CAP_SYS_ADMIN in this
  namespace for any userspace mounts we already know the user is
  sufficiently privileged, and this is really the only arrangement that
  makes sense.
  
  Test Case: The following commands will result in a failure to mount
  mqueue without the fix; with the fix the mount will succeed.
  
  $ mkdir mnt
  $ unshare -Umuniprf --mount-proc bash
  # mount -t mqueue mqueue mnt
+ 
+ Originally reported at https://github.com/docker/docker/issues/22633.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1582378

Title:
  Unsharing user and ipc namespaces simultaneously makes mqueue
  unmountable

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Xenial:
  In Progress

Bug description:
  Impact: When the ipc and user namespaces are unshared in a single
  system call mqueue will do an internal mount of the new mqueue super
  block before the new user namespace is installed. This results in
  s_user_ns being set to the parent user ns, however the new ipc ns is
  owned by the new user ns. Attempting to mount the mqueue filesystem in
  the new user ns results in EBUSY when it should succeed. This breaks
  docker when user namespace support is enabled.

  Fix: Use the ipc namespace's owner for s_user_ns for all mqueue
  mounts. Since mqueue already checks that the user has CAP_SYS_ADMIN in
  this namespace for any userspace mounts we already know the user is
  sufficiently privileged, and this is really the only arrangement that
  makes sense.

  Test Case: The following commands will result in a failure to mount
  mqueue without the fix; with the fix the mount will succeed.

  $ mkdir mnt
  $ unshare -Umuniprf --mount-proc bash
  # mount -t mqueue mqueue mnt

  Originally reported at https://github.com/docker/docker/issues/22633.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1582378/+subscriptions

References

[Bug 1582378] [NEW] Unsharing user and ipc namespaces simultaneously makes mqueue unmountable
From: Seth Forshee, 2016-05-16