Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

jailer doesn't ensure correct permissions for /dev inside the jail #1802

Closed
aghecenco opened this issue Apr 20, 2020 · 0 comments
Closed

jailer doesn't ensure correct permissions for /dev inside the jail #1802

aghecenco opened this issue Apr 20, 2020 · 0 comments
Assignees
@aghecenco
Labels
Priority: High Indicates than an issue or pull request should be resolved ahead of issues or pull requests labelled Type: Bug Indicates an unexpected problem or unintended behavior

Comments

@aghecenco
Copy link
Contributor

The jailer creates the /dev, /dev/net and /run folders inside the jail but doesn't ensure that they're accessible for the unprivileged user which firecracker will run under. This can lead to errors when attempting to open devices (dev/kvm and /dev/net/tun), even if the permissions on the devices themselves are correctly set.

firecracker/src/jailer/src/env.rs

Line 180 in 8943f41

fs::create_dir_all(path).map_err(|e| Error::CreateDir(PathBuf::from(path), e))?;

@aghecenco aghecenco self-assigned this Apr 20, 2020
@aghecenco aghecenco added Priority: High Indicates than an issue or pull request should be resolved ahead of issues or pull requests labelled Type: Bug Indicates an unexpected problem or unintended behavior labels Apr 20, 2020
aghecenco added a commit to aghecenco/firecracker that referenced this issue Apr 20, 2020
@aghecenco
jailer: chmod 755 on folders inside jail
d6d0eb8 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue Apr 20, 2020
@aghecenco
jailer: chmod 755 on folders inside jail
bf78332 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
@aghecenco aghecenco mentioned this issue Apr 20, 2020
Merged
8 tasks
aghecenco added a commit to aghecenco/firecracker that referenced this issue Apr 20, 2020
@aghecenco
jailer: chmod 755 on folders inside jail
3296955 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue Apr 20, 2020
@aghecenco
jailer: chmod 755 on folders inside jail
41c8d94 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue Apr 23, 2020
@aghecenco
jailer: chmod 700 on folders inside jail
5402517 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue Apr 23, 2020
@aghecenco
jailer: chmod 700 on folders inside jail
683019e 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue Apr 23, 2020
@aghecenco
jailer: chmod 700 on folders inside jail
d50337f 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue Apr 29, 2020
@aghecenco
jailer: chmod 700 on folders inside jail
b74b781 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue Apr 29, 2020
@aghecenco
jailer: chmod 700 on folders inside jail
781c88b 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue May 6, 2020
@aghecenco
jailer: chmod 700 on folders inside jail
7872e7e 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue May 7, 2020
@aghecenco
jailer: chmod 700 on folders inside jail
331ec49 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue May 8, 2020
@aghecenco
jailer: chmod 700 on folders inside jail
55a7885 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue May 8, 2020
@aghecenco
jailer: chmod 700 folders inside jail
5c153f7 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue May 13, 2020
@aghecenco
jailer: chmod 700 folders inside jail
e69e150 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
aghecenco added a commit to aghecenco/firecracker that referenced this issue May 13, 2020
@aghecenco
jailer: chmod 700 folders inside jail
f33649c 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
bbros-dev pushed a commit to BegleyBrothers/firecracker that referenced this issue May 16, 2020
@aghecenco @bbros-dev
jailer: chmod 700 folders inside jail
9f5ce2e 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
gbionescu pushed a commit to jabedude/firecracker that referenced this issue Jun 5, 2020
@aghecenco
jailer: chmod 700 folders inside jail
7c07a9b 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
dianpopa pushed a commit to dianpopa/firecracker that referenced this issue Aug 5, 2020
@aghecenco @dianpopa
jailer: chmod 700 folders inside jail
462a0cc 
Fixes firecracker-microvm#1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
dianpopa pushed a commit that referenced this issue Aug 5, 2020
@aghecenco @dianpopa
jailer: chmod 700 folders inside jail
9eb8ba7 
Fixes #1802

Signed-off-by: Alexandra Iordache <aghecen@amazon.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aghecenco aghecenco

Labels
Priority: High Indicates than an issue or pull request should be resolved ahead of issues or pull requests labelled Type: Bug Indicates an unexpected problem or unintended behavior
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@aghecenco