* [pve-devel] [PATCH lxc] fix #7006: do not restrict proc or sys if nested
@ 2025-11-13 13:08 Fabian Grünbichler
From: Fabian Grünbichler @ 2025-11-13 13:08 UTC (permalink / raw)
To: pve-devel
if nesting is enabled, it is already possible to mount a fresh instance of
procfs and sysfs inside the container. protecting the original one does not
make much sense in such a scenario; the kernel already protects the bits that
are off-limits for unprivileged users anyway.
this fixes an issue with certain nested container setups, such as a recent
enough runc nested inside LXC.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
---
tested using the reproducer from BZ
...proc-and-sys-restrictions-if-nesting.patch | 71 +++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 72 insertions(+)
create mode 100644 debian/patches/apparmor/0003-apparmor-skip-proc-and-sys-restrictions-if-nesting.patch
diff --git a/debian/patches/apparmor/0003-apparmor-skip-proc-and-sys-restrictions-if-nesting.patch b/debian/patches/apparmor/0003-apparmor-skip-proc-and-sys-restrictions-if-nesting.patch
new file mode 100644
index 0000000..44b9454
--- /dev/null
+++ b/debian/patches/apparmor/0003-apparmor-skip-proc-and-sys-restrictions-if-nesting.patch
@@ -0,0 +1,71 @@
+From 33b101104ea750cc7bb723fa3715fb42cd177645 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
+Date: Thu, 13 Nov 2025 13:25:04 +0100
+Subject: [PATCH] apparmor: skip /proc and /sys restrictions if nesting is
+ enabled
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+if nesting is enabled, it's already possible to mount your own instance of both
+/proc and /sys inside the container, so protecting the "original" one makes no
+sense, but breaks certain nested container setups.
+
+See: https://github.com/lxc/incus/pull/2624/commits/1fbe4bffb9748cc3b07aaf5db310d463c1e827d0
+Fixes: https://bugzilla.proxmox.com/show_bug.cgi?id=7006
+
+Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
+---
+ src/lxc/lsm/apparmor.c | 15 ++++++++++++---
+ 1 file changed, 12 insertions(+), 3 deletions(-)
+
+diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
+index d6516ae9f..e9d494f1e 100644
+--- a/src/lxc/lsm/apparmor.c
++++ b/src/lxc/lsm/apparmor.c
+@@ -170,6 +170,9 @@ static const char AA_PROFILE_BASE[] =
+ " mount options=(rw,move) /s[^y]*{,/**},\n"
+ " mount options=(rw,move) /sy[^s]*{,/**},\n"
+ " mount options=(rw,move) /sys?*{,/**},\n"
++"\n";
++
++static const char AA_PROFILE_BASE_NO_NESTING[] =
+ "\n"
+ " # generated by: lxc-generate-aa-rules.py container-rules.base\n"
+ " deny /proc/sys/[^kn]*{,/**} wklx,\n"
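Review bot: the split leaves AA_PROFILE_BASE ending in `"\n";` and AA_PROFILE_BASE_NO_NESTING beginning with `"\n"`, so the default (non-nesting) profile now carries two consecutive blank lines where it previously had one; harmless, but dropping one of them keeps the generated profile text byte-identical to before. The `# generated by: lxc-generate-aa-rules.py container-rules.base` comment now heads the new constant, so it is worth checking that re-running that generator emits the deny block into AA_PROFILE_BASE_NO_NESTING rather than back into AA_PROFILE_BASE.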
+@@ -755,6 +758,10 @@ static char *get_apparmor_profile_content(struct lsm_ops *ops, struct lxc_conf *
+ must_append_sized(&profile, &size, AA_PROFILE_BASE,
+ STRARRAYLEN(AA_PROFILE_BASE));
+
++ if (!conf->lsm_aa_allow_nesting)
++ must_append_sized(&profile, &size, AA_PROFILE_BASE_NO_NESTING,
++ STRARRAYLEN(AA_PROFILE_BASE_NO_NESTING));
++
+ append_all_remount_rules(&profile, &size);
+
+ if (ops->aa_supports_unix)
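Review bot: the new gate `if (!conf->lsm_aa_allow_nesting)` keys only on the nesting flag, while the commit message justifies dropping the rules on the grounds that the kernel already protects what is off-limits to unprivileged users. For a privileged container with nesting enabled, the `deny /proc/sys/[^kn]*{,/**} wklx` block was a real restriction rather than a redundant one, so either document that combination as deliberately unrestricted or additionally condition the skip on the container being unprivileged.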
+@@ -768,8 +775,10 @@ static char *get_apparmor_profile_content(struct lsm_ops *ops, struct lxc_conf *
+ if (ops->aa_can_stack && !ops->aa_is_stacked) {
+ char *namespace, *temp;
+
+- must_append_sized(&profile, &size, AA_PROFILE_STACKING_BASE,
+- STRARRAYLEN(AA_PROFILE_STACKING_BASE));
++
++ if (!conf->lsm_aa_allow_nesting)
++ must_append_sized(&profile, &size, AA_PROFILE_STACKING_BASE,
++ STRARRAYLEN(AA_PROFILE_STACKING_BASE));
+
+ namespace = apparmor_namespace(conf->name, lxcpath);
+ temp = must_concat(NULL, " change_profile -> \":", namespace, ":*\",\n"
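Review bot: the added empty `+` line before the new `if` leaves two consecutive blank lines after `char *namespace, *temp;`; drop one. More substantively, this now skips all of AA_PROFILE_STACKING_BASE when nesting is enabled, not only its /proc and /sys rules, so confirm that constant contains nothing else the stacked profile still needs; the change_profile rule is appended separately below, but anything else in it is silently lost for nested containers.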
+@@ -779,7 +788,7 @@ static char *get_apparmor_profile_content(struct lsm_ops *ops, struct lxc_conf *
+
+ must_append_sized(&profile, &size, temp, strlen(temp));
+ free(temp);
+- } else {
++ } else if (!conf->lsm_aa_allow_nesting) {
+ must_append_sized(&profile, &size, AA_PROFILE_NO_STACKING,
+ STRARRAYLEN(AA_PROFILE_NO_STACKING));
+ }
+--
+2.47.3
+
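Review bot: with `} else if (!conf->lsm_aa_allow_nesting) {` the non-stacking branch becomes a silent no-op for nested containers, and the same concern as for the stacking case applies to AA_PROFILE_NO_STACKING being skipped whole. The nesting flag is now tested at three separate sites in get_apparmor_profile_content(); computing it once at the top (e.g. `bool restrict_proc_sys = !conf->lsm_aa_allow_nesting;`) with a short comment pointing at the bugzilla entry from the `Fixes:` line would make the intent obvious and keep the three sites from drifting apart.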
diff --git a/debian/patches/series b/debian/patches/series
index 5f3f0b6..a2f2ad4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,4 +1,5 @@
apparmor/0001-apparmor-allow-lxc-start-to-create-user-namespaces.patch
apparmor/0002-apparmor-use-abi-directive-in-apparmor-profiles.patch
+apparmor/0003-apparmor-skip-proc-and-sys-restrictions-if-nesting.patch
pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch
pve/0002-PVE-Config-attach-always-use-getent.patch
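Review bot: the new entry is ordered before pve/0001-PVE-Config-deny-rw-mounting-of-sys-and-proc.patch, which by its name touches the same /proc and /sys rules; confirm that PVE's rw-mount deny rules remain unconditional rather than landing inside the newly gated block, since the commit message argues only for dropping the path restrictions, not the mount restrictions.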
--
2.47.3
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
* [pve-devel] applied: [PATCH lxc] fix #7006: do not restrict proc or sys if nested
From: Thomas Lamprecht @ 2025-11-13 19:23 UTC (permalink / raw)
To: pve-devel, Fabian Grünbichler
On Thu, 13 Nov 2025 14:08:01 +0100, Fabian Grünbichler wrote:
> if nesting is enabled, it is already possible to mount a fresh instance of
> procfs and sysfs inside the container. protecting the original one does not
> make much sense in such a scenario; the kernel already protects the bits that
> are off-limits for unprivileged users anyway.
>
> this fixes an issue with certain nested container setups, such as a recent
> enough runc nested inside LXC.
>
> [...]
Applied, thanks!
[1/1] fix #7006: do not restrict proc or sys if nested
commit: d24bcf97de7c3e59e3d3dd19945b4cd42e72db40