Re: [pve-devel] [PATCH lxcfs v3 10/13] lxc.mount.hook: override env variables from container config

From: Wolfgang Bumiller <w.bumiller@proxmox.com>
To: Filip Schauer <f.schauer@proxmox.com>
Cc: pve-devel@lists.proxmox.com
Subject: Re: [pve-devel] [PATCH lxcfs v3 10/13] lxc.mount.hook: override env variables from container config
Date: Thu, 10 Jul 2025 11:30:10 +0200	[thread overview]
Message-ID: <amqzk4kzzde3hg4gbdyrhvlqiw6b2xewhurnzdmglgewd2tqum@gckwyuek6z3v> (raw)
In-Reply-To: <20250709123435.64796-11-f.schauer@proxmox.com>

NAK

This needs to be handled differently.

Before this series `lxc.environment` could not be set at all except by
manually modifying the config as *root*.

If we want to support the `Env` key in OCI images, we need to either
replace the `init` command with a wrapper setting that environment
before running the final command, or lxc itself needs to learn a new
configuration for this (eg. an `lxc.environment.runtime`).

On Wed, Jul 09, 2025 at 02:34:27PM +0200, Filip Schauer wrote:
> This can still break `/bin/sh` if an OCI image injects a different
> `libc.so.6` with $LD_LIBRARY_PATH.
> 
> Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
> ---
> Arbitrary code execution is theoretically still possible with a
> specially crafted OCI image that provides a shared library and points
> $LD_LIBRARY_PATH to its parent directory. Although the code is confined
> to the container's namespace, it can still see the host file system.
> While this may not pose a significant security risk, it is nonetheless
> suboptimal. I am unsure about the best way to fully mitigate this.
> 
> Introduced in v3
> 
>  .../patches/reset-path-to-host-defaults.patch | 38 +++++++++++++++++++
>  debian/patches/series                         |  1 +
>  2 files changed, 39 insertions(+)
>  create mode 100644 debian/patches/reset-path-to-host-defaults.patch
> 
> diff --git a/debian/patches/reset-path-to-host-defaults.patch b/debian/patches/reset-path-to-host-defaults.patch
> new file mode 100644
> index 0000000..12f150d
> --- /dev/null
> +++ b/debian/patches/reset-path-to-host-defaults.patch
> @@ -0,0 +1,38 @@
> +From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
> +From: Filip Schauer <f.schauer@proxmox.com>
> +Date: Mon, 23 Jun 2025 13:05:35 +0200
> +Subject: [PATCH] lxc.mount.hook: override env variables from container
> + config
> +
> +Without this, if the container config specifies a custom PATH variable
> +via lxc.environment that omits /usr/bin or /bin, binaries like
> +`readlink` and `mount` may not be found, causing container startup to
> +fail.
> +
> +Fixes startup breakage with images like `ghcr.io/nixos/nix:latest`.
> +
> +This also mitigates arbitrary code execution during container startup
> +before pivot_root (albeit confined in its own namespace) with a
> +specially crafted OCI image providing a custom `readlink` or `mount`
> +binary and pointing the PATH variable to it.
> +
> +Signed-off-by: Filip Schauer <f.schauer@proxmox.com>
> +---
> + share/lxc.mount.hook.in | 4 ++++
> + 1 file changed, 4 insertions(+)
> +
> +diff --git a/share/lxc.mount.hook.in b/share/lxc.mount.hook.in
> +index 6fd13b0..a25a5ef 100755
> +--- a/share/lxc.mount.hook.in
> ++++ b/share/lxc.mount.hook.in
> +@@ -11,6 +11,10 @@ do
> + 	shift
> + done
> + 
> ++# Set the PATH variable in case it was modified by lxc.environment
> ++PATH=/usr/bin:/bin
> ++LD_LIBRARY_PATH=
> ++
> + # We're dealing with mount entries, so expand any symlink
> + LXC_ROOTFS_MOUNT=$(readlink -f "${LXC_ROOTFS_MOUNT}")
> + 
> diff --git a/debian/patches/series b/debian/patches/series
> index bf650b4..f3391c0 100644
> --- a/debian/patches/series
> +++ b/debian/patches/series
> @@ -1 +1,2 @@
>  do-not-start-without-lxcfs.patch
> +reset-path-to-host-defaults.patch
> -- 
> 2.47.2

_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel