From mboxrd@z Thu Jan 1 00:00:00 1970
From: Fabian Grünbichler
To: pve-devel@lists.proxmox.com
Date: Mon, 28 Mar 2022 10:06:28 +0200
Message-Id: <20220328080628.900300-1-f.gruenbichler@proxmox.com>
X-Mailer: git-send-email 2.30.2
Subject: [pve-devel] [PATCH container] fix #3960: properly set owner in CT setup
List-Id: Proxmox VE development discussion

There were two helpers that were not handling this correctly:

ct_make_path

Since this never gets called with $opts, and there is also no 'owner' or 'group' in $self, the previous logic could never work, sometimes leaving nobody:nogroup files around for unprivileged containers. Since only the centos and suse plugins use this helper, the issue was fairly limited.

ct_symlink

Could create symlinks owned by nobody:nogroup. Since symlinks are created 777 by default, this just meant they were not modifiable inside the container, but reading/dereferencing was no problem, so it went unnoticed so far.

Signed-off-by: Fabian Grünbichler
---

Notes:
    Instead of POSIX::lchown we could also expose AT_SYMLINK_NOFOLLOW in PVE::Tools and call fchownat with that, but it would require a versioned dep bump..

 src/PVE/LXC/Setup/Base.pm | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/PVE/LXC/Setup/Base.pm b/src/PVE/LXC/Setup/Base.pm
index dafd69a..7c93dfb 100644
--- a/src/PVE/LXC/Setup/Base.pm
+++ b/src/PVE/LXC/Setup/Base.pm
@@ -12,6 +12,7 @@ use Fcntl; use File::Path; use File::Spec; use File::Basename; +use POSIX (); use PVE::INotify; use PVE::Tools; 
@@ -663,22 +664,26 @@ sub ct_open_file_write { sub ct_make_path { my $self = shift; - if ($self->{id_map}) { - my $opts = pop; - if (ref($opts) eq 'HASH') { - $opts->{owner} = $self->{rootuid} if !defined($self->{owner}); - $opts->{group} = $self->{rootgid} if !defined($self->{group}); - } - File::Path::make_path(@_, $opts); - } else { - File::Path::make_path(@_); + + my $opts = {}; + if (defined($self->{id_map})) { + $opts->{owner} = $self->{rootuid}; + $opts->{group} = $self->{rootgid}; } + File::Path::make_path(@_, $opts); } sub ct_symlink { my ($self, $old, $new) = @_; return if $self->ct_is_file_ignored($new); - return CORE::symlink($old, $new); + if (CORE::symlink($old, $new)) { + if (defined($self->{id_map})) { + POSIX::lchown($self->{rootuid}, $self->{rootgid}, $new); + } + return 1; + } else { + return 0; + } } sub ct_readlink { -- 2.30.2
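Review bot: In the ct_symlink part of the second hunk, the return value of `POSIX::lchown($self->{rootuid}, $self->{rootgid}, $new);` is discarded, so when lchown fails the symlink is still created and ct_symlink still returns 1, leaving exactly the nobody:nogroup-owned link this patch sets out to fix, now without any indication in the setup log. Checking the result and either warning with `$!` or returning 0 (matching the existing "symlink failed" path) would make a wrong owner visible instead of silently reintroducing the old behaviour. On the same function, the `if (CORE::symlink(...)) { ... return 1; } else { return 0; }` shape reads more simply as an early `return 0 if !CORE::symlink($old, $new);` followed by the lchown and `return 1;`. For the ct_make_path part, always passing a hashref to `File::Path::make_path(@_, $opts);` is fine, but note that `owner`/`group` only apply to directories make_path creates itself, so a pre-existing directory with the wrong owner is left as-is; a short comment stating that assumption next to the `if (defined($self->{id_map}))` block would save the next reader from expecting a fix-up of existing paths.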