ensure /proc is mounted in chroot environments (bsc#1176972) #427

Merged
merged 1 commit into from
Oct 6, 2020

wfeldt
Member

@wfeldt wfeldt commented Oct 5, 2020

Problem

glibc and others rely on /proc to be mounted in chroot environments to function properly.

Solution

Temporarily mount /proc if missing. And also set up /dev/fd symlinks to /proc/self/fd.

@wfeldt wfeldt mentioned this pull request Oct 5, 2020

# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# Set up /proc and /dev/fd in directory dir if they are missing as a number
# of tools rely on these (bsc#1160594, bsc#1176972).
Member

When doing it, why not also mount "/sys"? I think some tools also use it. Otherwise the change looks reasonable.

Member Author

The main reason here is the secure access to file descriptors via /proc/self. /sys exposes too much of the host system and it would kind of contradict the use of a chroot environment.

Note that using /proc is also not without problems as it already exposes quite a lot and processes might influence the host system in unwanted ways.

It's a compromise already and I would not want to stretch it further.

Member

ok

@wfeldt wfeldt merged commit be7c421 into master Oct 6, 2020
@wfeldt wfeldt deleted the sw_45 branch October 6, 2020 08:55
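
The approach discussed in this pull request, sketched as an added example (not the project's own code): mount /proc and link /dev/fd only when they are missing, never mount /sys, and remove afterwards only what was added. The function names `chroot_needs` and `run_in_chroot` and the mount options are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the pull request. Function names are hypothetical.

# Print, one per line, the setup steps a chroot directory still needs.
# Only /proc and /dev/fd are considered; /sys is deliberately left out
# because it would expose more of the host to the chroot.
chroot_needs() {
    dir=$1
    # /proc counts as present only if it is populated (self/ exists).
    [ -e "$dir/proc/self" ] || echo proc
    # An existing /dev/fd symlink dangles until /proc is mounted, so also test -L.
    [ -e "$dir/dev/fd" ] || [ -L "$dir/dev/fd" ] || echo devfd
}

# Run a command inside the chroot, adding what is missing and afterwards
# removing only what this function added. Needs root.
run_in_chroot() {
    dir=$1; shift
    did_proc=
    did_fd=
    for n in $(chroot_needs "$dir"); do
        case $n in
            proc)  # restrictive mount options are this example's choice
                   mkdir -p "$dir/proc" &&
                   mount -t proc -o nosuid,nodev,noexec proc "$dir/proc" &&
                   did_proc=1 ;;
            devfd) mkdir -p "$dir/dev" &&
                   ln -s /proc/self/fd "$dir/dev/fd" &&
                   did_fd=1 ;;
        esac
    done
    rc=0
    chroot "$dir" "$@" || rc=$?
    # Tear down in reverse order so the host's /proc exposure is temporary.
    [ -n "$did_fd" ] && rm -f "$dir/dev/fd"
    [ -n "$did_proc" ] && umount "$dir/proc"
    return $rc
}
```

`chroot_needs` can be run unprivileged against a directory to see what `run_in_chroot` would add before running it as root.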