From: Zhao Lei <zhaolei-BthXqXjhjHXQFUHtdCDX3A@public.gmane.org>
To: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
"Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Subject: [PATCH 0/3] Write dump into container's filesystem for pipe_type core_pattern
Date: Mon, 6 Jun 2016 20:02:07 +0800 [thread overview]
Message-ID: <cover.1465214472.git.zhaolei@cn.fujitsu.com> (raw)
In the current system, when we set core_pattern to a pipe, both the pipe program
and the program's output are in the host's filesystem.
But when we set core_pattern to a file, the container will write the dump
into the container's filesystem.
For example, when we set the following core_pattern:
# echo "|/my_dump_pipe %s %c %p %u %g %t e" >/proc/sys/kernel/core_pattern
and trigger a segmentation fault in a container, my_dump_pipe is searched for in the
host's filesystem, and it will write the coredump into the host's filesystem too.
In a privileged container, a user can destroy the host system with the following
commands:
# # In a container
# echo "|/bin/dd of=/boot/vmlinuz" >/proc/sys/kernel/core_pattern
# make_dump
Actually, operations in a container should not change the host's
environment; the container should use core_pattern as its private setting.
In detail, in the core dump action:
1: Search pipe program in container's fs namespace.
2: Run pipe program in container's fs namespace to write coredump to it.
I rewrote this patch from the original:
http://www.gossamer-threads.com/lists/linux/kernel/2395715?do=post_view_flat
and changed the implementation and function details as discussed in:
http://www.gossamer-threads.com/lists/linux/kernel/2397602?nohighlight=1#2397602
Changelog RFC->v1:
1: RFC->v1
2: Rebase on top of v4.7-rc2
Changes against the previous implementation:
1: Avoid forking a thread from the crashing process.
Suggested-by: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2: To keep compatibility with the current code, if the user hasn't changed
core_pattern in the container, the dump file will still be written to
the host filesystem.
Suggested-by: Eric W. Biederman <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Zhao Lei (3):
Save dump_root into pid_namespace
Make dump_pipe thread possible to select the rootfs
Write dump into container's filesystem for pipe_type core_pattern
fs/coredump.c | 19 ++++++++++++++++++-
fs/fs_struct.c | 25 ++++++++++++++++---------
include/linux/fs_struct.h | 3 ++-
include/linux/kmod.h | 4 +++-
include/linux/pid_namespace.h | 3 +++
include/linux/sched.h | 5 +++--
init/do_mounts_initrd.c | 3 ++-
init/main.c | 4 ++--
kernel/fork.c | 34 ++++++++++++++++++++--------------
kernel/kmod.c | 13 ++++++++-----
kernel/kthread.c | 3 ++-
kernel/pid.c | 1 +
kernel/pid_namespace.c | 6 ++++++
kernel/sysctl.c | 30 ++++++++++++++++++++++++++----
lib/kobject_uevent.c | 3 ++-
security/keys/request_key.c | 2 +-
16 files changed, 115 insertions(+), 43 deletions(-)
--
1.8.5.1
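The cover letter above describes two behaviours of the same sysctl: a pattern beginning with `|` names a helper program that the kernel resolves and runs in its own root (the host's), and any other pattern names a file written relative to the dumping task's root (the container's). The following is an added example, not code from this patch series or from fs/coredump.c: a user-space re-implementation of how a core_pattern string is interpreted, restricted to the specifiers the letter uses (%p %u %g %s %t %c %e) plus %%, with unknown specifiers dropped as a simplification. The crash values (pid 1234, uid/gid 1000, SIGSEGV, the letter's timestamp, a `make_dump` comm) are constructed for the demo, and the first sample pattern assumes the letter's trailing `e` was meant as `%e`. It lets you see, for a given pattern, what argv the helper would receive and which root the first argv element is looked up in.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

enum core_kind { CORE_FILE = 0, CORE_PIPE = 1 };

/* Values the kernel substitutes at dump time; constructed for this example. */
struct crash_info {
    long pid, uid, gid, time, rlim_core;
    int sig;
    const char *comm;
};

/* Expand the %-specifiers used on this page (%p %u %g %s %t %c %e) plus %%.
 * Other specifiers are dropped here, a simplification of the kernel's rules.
 * Returns CORE_PIPE when the pattern starts with '|', CORE_FILE otherwise;
 * the leading '|' itself is not copied into out. Output is truncated, never
 * overflowed, when outlen is too small. */
enum core_kind expand_core_pattern(const char *pat, const struct crash_info *ci,
                                   char *out, size_t outlen)
{
    enum core_kind kind = CORE_FILE;
    size_t n = 0;

    if (*pat == '|') { kind = CORE_PIPE; pat++; }
    out[0] = '\0';
    for (; *pat && n + 1 < outlen; pat++) {
        char buf[64];
        const char *s = buf;
        size_t len;

        if (*pat != '%') {
            buf[0] = *pat; buf[1] = '\0';
        } else {
            switch (*++pat) {
            case 'p': snprintf(buf, sizeof buf, "%ld", ci->pid); break;
            case 'u': snprintf(buf, sizeof buf, "%ld", ci->uid); break;
            case 'g': snprintf(buf, sizeof buf, "%ld", ci->gid); break;
            case 's': snprintf(buf, sizeof buf, "%d", ci->sig); break;
            case 't': snprintf(buf, sizeof buf, "%ld", ci->time); break;
            case 'c': snprintf(buf, sizeof buf, "%ld", ci->rlim_core); break;
            case 'e': s = ci->comm; break;
            case '%': buf[0] = '%'; buf[1] = '\0'; break;
            case '\0': pat--; buf[0] = '\0'; break;  /* lone trailing '%' */
            default: buf[0] = '\0'; break;           /* unknown: dropped */
            }
        }
        len = strlen(s);
        if (n + len + 1 > outlen) break;
        memcpy(out + n, s, len);
        n += len;
        out[n] = '\0';
    }
    return kind;
}

/* Split an expanded pipe pattern into the argv the helper receives:
 * whitespace-separated, argv[0] being the helper path. That path is what the
 * cover letter says the kernel currently resolves in the host's root rather
 * than the crashing container's. Modifies expanded in place; returns argc. */
int split_helper_argv(char *expanded, char **argv, int maxargs)
{
    int argc = 0;
    char *tok;

    for (tok = strtok(expanded, " \t"); tok && argc < maxargs - 1;
         tok = strtok(NULL, " \t"))
        argv[argc++] = tok;
    argv[argc] = NULL;
    return argc;
}

int main(void)
{
    /* constructed crash: pid 1234, uid/gid 1000, SIGSEGV, core limit 0 */
    struct crash_info ci = { 1234, 1000, 1000, 1465214472L, 0, 11, "make_dump" };
    const char *patterns[] = {
        "|/my_dump_pipe %s %c %p %u %g %t %e",  /* the letter's pipe pattern */
        "|/bin/dd of=/boot/vmlinuz",            /* the letter's destructive one */
        "/var/crash/core.%e.%p",                /* a file pattern, for contrast */
    };
    size_t i;

    for (i = 0; i < sizeof patterns / sizeof patterns[0]; i++) {
        char buf[256];
        char *argv[16];
        enum core_kind k = expand_core_pattern(patterns[i], &ci, buf, sizeof buf);

        if (k == CORE_PIPE) {
            int argc = split_helper_argv(buf, argv, 16);
            printf("pipe: helper %s resolved in the host's root, argc=%d\n",
                   argv[0], argc);
        } else {
            printf("file: %s written relative to the dumping task's root\n", buf);
        }
    }
    return 0;
}
```

Run it against the patterns you actually find in /proc/sys/kernel/core_pattern on a host and inside its containers: a `|` pattern whose argv[0] only exists in a container image, or whose arguments name host paths as in the `dd` case, is the situation the series is addressing.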
Thread overview: 11+ messages
2016-06-06 12:02 Zhao Lei [this message]
2016-06-06 12:02 ` [PATCH 1/3] Save dump_root into pid_namespace Zhao Lei
2016-06-06 17:02   ` Al Viro
2016-06-06 12:02 ` [PATCH 2/3] Make dump_pipe thread possible to select the rootfs Zhao Lei
2016-06-06 12:02 ` [PATCH 3/3] Write dump into container's filesystem for pipe_type core_pattern Zhao Lei
-- strict thread matches above, loose matches on Subject: below --
2016-04-15 10:47 [PATCH 0/3] [RFC] Write dump into container's filesystem for pipe_type core_pattern Zhao Lei
2016-05-13  8:29 ` [PATCH 0/3] Write dump into container's filesystem for pipe_type core_pattern Zhao Lei