start: make us dumpable

When set set{u,g}id() the kernel will make us undumpable. This is unnecessary since we can guarantee that whatever is running inside the child process at this point this is fully trusted by the parent. Making us dumpable let's users use debuggers on the child process before the exec as well and also allows us to open /proc/<child-pid> files in lieu of the child. Note, that we only need to perform the prctl(PR_SET_DUMPABLE, ...) if our effective uid on the host is not 0. If our effective uid on the host is 0 then we will keep all capabilities in the child user namespace across set{g,u}id(). Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc · Dec 22, 2017 · 4b826b1 · 4b826b1
1 parent 1509013
commit 4b826b1
Showing 1 changed file with 10 additions and 2 deletions.
diff --git a/src/lxc/start.c b/src/lxc/start.c
@@ -930,14 +930,22 @@ static int do_start(void *data)
 	 * privilege over our namespace.
 	 */
 	if (!lxc_list_empty(&handler->conf->id_map)) {
-		if (lxc_switch_uid_gid(0, 0) < 0)
+		ret = lxc_switch_uid_gid(0, 0);
+		if (ret < 0)
 			goto out_warn_father;
 
 		/* Drop groups only after we switched to a valid gid in the new
 		 * user namespace.
 		 */
-		if (lxc_setgroups(0, NULL) < 0)
+		ret = lxc_setgroups(0, NULL);
+		if (ret < 0)
 			goto out_warn_father;
+
+		if (!handler->am_root) {
+			ret = prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
+			if (ret < 0)
+				goto out_warn_father;
+		}
 	}
 
 	if (access(handler->lxcpath, X_OK)) {