1 files changed, 69 insertions, 0 deletions
diff --git a/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch b/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch
new file mode 100644
index 00000000..c3afd858
--- /dev/null
+++ b/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch
@@ -0,0 +1,69 @@
+From f267d6668e3a95cb2247accb169cf1bc7f8ffcab Mon Sep 17 00:00:00 2001
+From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
+Date: Wed, 20 Jan 2016 10:53:57 +0000
+Subject: [PATCH] mount_proc_if_needed: only safe mount when rootfs is defined
+The safe_mount function was introduced in order to address CVE-2015-1335,
+one of the vulnerabilities being a mount with a symlink for the
+destination path. In scenarios such as lxc-execute with no rootfs, the
+destination path is the host /proc, which is previously mounted by the
+host, and is unmounted and mounted again in a new set of namespaces,
+therefore eliminating the need to check for it being a symlink.
+Mount the rootfs normally if the rootfs is NULL, keep the safe mount
+only for scenarios where a different rootfs is defined.
+Upstream-status: Accepted
+[https://github.com/lxc/lxc/commit/f267d6668e3a95cb2247accb169cf1bc7f8ffcab]
+Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
+Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
+---
+ src/lxc/conf.c  |  1 +
+ src/lxc/utils.c | 10 +++++++++-
+ 2 files changed, 10 insertions(+), 1 deletion(-)
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 632dde3..1e30c0c 100644
+--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
+@@ -3509,6 +3509,7 @@ int ttys_shift_ids(struct lxc_conf *c)
+        return 0;
+ }
+ 
+/* NOTE: not to be called from inside the container namespace! */
+ int tmp_proc_mount(struct lxc_conf *lxc_conf)
+ {
+        int mounted;
+diff --git a/src/lxc/utils.c b/src/lxc/utils.c
+index 4e96a50..0bc7a20 100644
+--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
+@@ -1704,6 +1704,8 @@ int safe_mount(const char *src, const char *dest, const char *fstype,
+  *
+  * Returns < 0 on failure, 0 if the correct proc was already mounted
+  * and 1 if a new proc was mounted.
+ *
+ * NOTE: not to be called from inside the container namespace!
+  */
+ int mount_proc_if_needed(const char *rootfs)
+ {
+@@ -1737,8 +1739,14 @@ int mount_proc_if_needed(const char *rootfs)
+        return 0;
+ 
+ domount:
+-       if (safe_mount("proc", path, "proc", 0, NULL, rootfs) < 0)
+       if (!strcmp(rootfs,"")) /* rootfs is NULL */
+               ret = mount("proc", path, "proc", 0, NULL);
+       else
+               ret = safe_mount("proc", path, "proc", 0, NULL, rootfs);
+
+       if (ret < 0)
+                return -1;
+
+        INFO("Mounted /proc in container for security transition");
+        return 1;
+ }
+-- 
+1.9.1

diff --git a/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch b/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch new file mode 100644 index 00000000..c3afd858 --- /dev/null +++ b/recipes-containers/lxc/files/mount_proc_if_needed-only-safe-mount-when-rootfs-is-.patch
@@ -0,0 +1,69 @@
	1	From f267d6668e3a95cb2247accb169cf1bc7f8ffcab Mon Sep 17 00:00:00 2001
	2	From: Bogdan Purcareata <bogdan.purcareata@nxp.com>
	3	Date: Wed, 20 Jan 2016 10:53:57 +0000
	4	Subject: [PATCH] mount_proc_if_needed: only safe mount when rootfs is defined
	5
	6	The safe_mount function was introduced in order to address CVE-2015-1335,
	7	one of the vulnerabilities being a mount with a symlink for the
	8	destination path. In scenarios such as lxc-execute with no rootfs, the
	9	destination path is the host /proc, which is previously mounted by the
	10	host, and is unmounted and mounted again in a new set of namespaces,
	11	therefore eliminating the need to check for it being a symlink.
	12
	13	Mount the rootfs normally if the rootfs is NULL, keep the safe mount
	14	only for scenarios where a different rootfs is defined.
	15
	16	Upstream-status: Accepted
	17	[https://github.com/lxc/lxc/commit/f267d6668e3a95cb2247accb169cf1bc7f8ffcab]
	18
	19	Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
	20	Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
	21	---
	22	src/lxc/conf.c \| 1 +
	23	src/lxc/utils.c \| 10 +++++++++-
	24	2 files changed, 10 insertions(+), 1 deletion(-)
	25
	26	diff --git a/src/lxc/conf.c b/src/lxc/conf.c
	27	index 632dde3..1e30c0c 100644
	28	--- a/src/lxc/conf.c
	29	+++ b/src/lxc/conf.c
	30	@@ -3509,6 +3509,7 @@ int ttys_shift_ids(struct lxc_conf *c)
	31	return 0;
	32	}
	33
	34	+/* NOTE: not to be called from inside the container namespace! */
	35	int tmp_proc_mount(struct lxc_conf *lxc_conf)
	36	{
	37	int mounted;
	38	diff --git a/src/lxc/utils.c b/src/lxc/utils.c
	39	index 4e96a50..0bc7a20 100644
	40	--- a/src/lxc/utils.c
	41	+++ b/src/lxc/utils.c
	42	@@ -1704,6 +1704,8 @@ int safe_mount(const char src, const char dest, const char *fstype,
	43	*
	44	* Returns < 0 on failure, 0 if the correct proc was already mounted
	45	* and 1 if a new proc was mounted.
	46	+ *
	47	+ * NOTE: not to be called from inside the container namespace!
	48	*/
	49	int mount_proc_if_needed(const char *rootfs)
	50	{
	51	@@ -1737,8 +1739,14 @@ int mount_proc_if_needed(const char *rootfs)
	52	return 0;
	53
	54	domount:
	55	- if (safe_mount("proc", path, "proc", 0, NULL, rootfs) < 0)
	56	+ if (!strcmp(rootfs,"")) /* rootfs is NULL */
	57	+ ret = mount("proc", path, "proc", 0, NULL);
	58	+ else
	59	+ ret = safe_mount("proc", path, "proc", 0, NULL, rootfs);
	60	+
	61	+ if (ret < 0)
	62	return -1;
	63	+
	64	INFO("Mounted /proc in container for security transition");
	65	return 1;
	66	}
	67	--
	68	1.9.1
	69