lxc:fix non-root user cannot write /dev/stdout & encode some escape charactors

Signed-off-by: gaohuatao <gaohuatao@huawei.com>
2020-04-02 00:29:41 -04:00 · 2020-04-02 00:29:41 -04:00 · 20e2680288
commit 20e2680288
parent 423c5d6cb7
4 changed files with 232 additions and 1 deletions
--- a/0141-lxc-decode-some-escape-charactors-of-lxc-config-file.patch
+++ b/0141-lxc-decode-some-escape-charactors-of-lxc-config-file.patch
@ -0,0 +1,97 @@
+From a6fd611c354ba62320661ad4eef4dd822423fcb6 Mon Sep 17 00:00:00 2001
+From: gaohuatao <gaohuatao@huawei.com>
+Date: Wed, 1 Apr 2020 06:53:27 -0400
+Subject: [PATCH 141/142] lxc: decode some escape charactors of lxc config file
+ string
+
+Signed-off-by: gaohuatao <gaohuatao@huawei.com>
+---
+ src/lxc/confile.c | 55 +++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 53 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/confile.c b/src/lxc/confile.c
+index 3eaae4a9..747ccec7 100644
+--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
+@@ -2443,6 +2443,52 @@ struct parse_line_conf {
+ 	bool from_include;
+ };
+ 
+// escape_string_decode compress some escape characters
+static char *escape_string_decode(const char *src)
+{
+	size_t src_end = 0;
+	size_t dst_end = 0;
+	size_t len = 0;
+	char *dst = NULL;
+	
+	if (src == NULL) {
+		return NULL;
+	}
+
+	len = strlen(src);
+	if (len == 0) {
+		return NULL;
+	}
+	
+	dst = calloc(1, len + 1);
+	if (dst == NULL) {
+		ERROR("Out of memory");
+		return NULL;
+	}
+	
+	while(src_end < len) {
+		if (src[src_end] == '\\') {
+			switch (src[++src_end])
+			{
+				case 'r': dst[dst_end] = '\r'; break;
+				case 'n': dst[dst_end] = '\n'; break;
+				case 'f': dst[dst_end] = '\f'; break;
+				case 'b': dst[dst_end] = '\b'; break;
+				case 't': dst[dst_end] = '\t'; break;
+				case '\\': dst[dst_end] = '\\'; break;
+				// default do not decode
+				default: dst[dst_end++] = '\\'; dst[dst_end] = src[src_end]; break;
+			}
+		} else {
+			dst[dst_end] = src[src_end];	
+		}
+		dst_end++;
+		src_end++;
+	}
+	
+	return dst;
+}
+
+ static int parse_line(char *buffer, void *data)
+ {
+ 	char *dot, *key, *line, *linep, *value;
+@@ -2451,6 +2497,7 @@ static int parse_line(char *buffer, void *data)
+ 	int ret = 0;
+ 	char *dup = buffer;
+ 	struct parse_line_conf *plc = data;
+	char *value_decode = NULL;
+ 
+ 	/* If there are newlines in the config file we should keep them. */
+ 	empty_line = lxc_is_line_empty(dup);
+@@ -2517,11 +2564,15 @@ static int parse_line(char *buffer, void *data)
+ 		goto on_error;
+ 	}
+ 
+-	ret = config->set(key, value, plc->conf, NULL);
+	value_decode = escape_string_decode(value);
+	if (value_decode == NULL) {
+		ERROR("Value %s decode failed", value);
+	}
+	ret = config->set(key, value_decode ? value_decode: value, plc->conf, NULL);
+ 
+ on_error:
+ 	free(linep);
+-
+	free(value_decode);
+ 	return ret;
+ }
+ 
+-- 
+2.19.1
+
--- a/0142-lxc-fix-non-root-user-cannot-write-dev-stdout.patch
+++ b/0142-lxc-fix-non-root-user-cannot-write-dev-stdout.patch
@ -0,0 +1,129 @@
+From 879e8e26506cda1650aed469781dd68d56f289b2 Mon Sep 17 00:00:00 2001
+From: gaohuatao <gaohuatao@huawei.com>
+Date: Tue, 31 Mar 2020 04:41:58 -0400
+Subject: [PATCH 142/142] lxc: fix non-root user cannot write /dev/stdout
+
+Signed-off-by: gaohuatao <gaohuatao@huawei.com>
+---
+ src/lxc/attach.c |  2 ++
+ src/lxc/conf.c   | 51 ++++++++++++++++++++++++++++++++++++++++++++++++
+ src/lxc/conf.h   |  1 +
+ src/lxc/start.c  |  2 ++
+ src/lxc/utils.c  |  1 -
+ 5 files changed, 56 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index 2061b960..b1bbaeba 100644
+--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
+@@ -1031,6 +1031,8 @@ static int attach_child_main(struct attach_clone_payload *payload)
+ 			init_ctx->container->lxc_conf->init_groups))
+ 		goto on_error;
+ 
+	fix_stdio_permissions(new_uid);
+	
+ 	if (!lxc_switch_uid_gid(new_uid, new_gid))
+ 		goto on_error;
+ 
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index 65b33ea5..b67e138d 100644
+--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
+@@ -5262,6 +5262,57 @@ int lxc_clear_namespace(struct lxc_conf *c)
+ 	return 0;
+ }
+ 
+void fix_stdio_permissions(uid_t uid)
+{
+	int std_fds[3] = {STDIN_FILENO, STDOUT_FILENO, STDERR_FILENO};
+	int devnull_fd = -1;
+	int ret = 0;
+	int i = 0;
+	struct stat st;
+	struct stat null_st;
+
+	devnull_fd = open_devnull();
+	if (devnull_fd < 0) {
+		WARN("Using /dev/null from the host for container "
+			     "init's standard file descriptors. Migration will "
+			     "not work");
+		goto out;
+	}
+	
+	ret = fstat(devnull_fd, &null_st);
+	if (ret != 0) {
+		ERROR("Failed to get /dev/null stat");
+		goto out;
+	}
+
+	for (; i < 3; i++) {
+		ret = fstat(std_fds[i], &st);
+		if (ret != 0) {
+			ERROR("Failed to get fd %d stat", std_fds[i]);
+			continue;
+		}
+
+		if (st.st_rdev == null_st.st_rdev) {
+			continue;
+		}
+
+		ret = fchown(std_fds[i], uid, st.st_gid);
+		if (ret != 0) {
+			ERROR("Failed to change fd %d owner", std_fds[i]);
+		}
+
+		ret = fchmod(std_fds[i], 0700);
+		if (ret != 0) {
+			ERROR("Failed to change fd %d mode", std_fds[i]);
+		}
+	}
+
+out:
+	if (devnull_fd >= 0) {
+		close(devnull_fd);
+	}
+}
+
+ int lxc_clear_groups(struct lxc_conf *c)
+ {
+ 	struct lxc_list *it, *next;
+diff --git a/src/lxc/conf.h b/src/lxc/conf.h
+index e4bfc48f..d67ca31b 100644
+--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
+@@ -500,6 +500,7 @@ extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key);
+ extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid);
+ extern int lxc_clear_procs(struct lxc_conf *c, const char *key);
+ extern int lxc_clear_namespace(struct lxc_conf *c);
+extern void fix_stdio_permissions(uid_t uid);
+ 
+ /* isulad add begin */
+ int lxc_clear_init_args(struct lxc_conf *lxc_conf);
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index 0af2e926..1977ccd2 100644
+--- a/src/lxc/start.c
+++ b/src/lxc/start.c
+@@ -1679,6 +1679,8 @@ static int do_start(void *data)
+ 	if (lxc_setup_env_home(new_uid) < 0)
+ 		goto out_warn_father;
+ 
+	fix_stdio_permissions(new_uid);
+
+ 	/* If we are in a new user namespace we already dropped all groups when
+ 	 * we switched to root in the new user namespace further above. Only
+ 	 * drop groups if we can, so ensure that we have necessary privilege.
+diff --git a/src/lxc/utils.c b/src/lxc/utils.c
+index 31bcac71..f2b3a4f9 100644
+--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
+@@ -1909,7 +1909,6 @@ set_env:
+ 	return 0;
+ }
+ 
+-
+ /* isulad: read file to buffer */
+ int lxc_file2str(const char *filename, char ret[], int cap)
+ {
+-- 
+2.19.1
+
--- a/lxc.spec
+++ b/lxc.spec
@ -1,4 +1,4 @@
-%global _release 2020031002
+%global _release 2020040201
 %global debug_package %{nil}

 Name:           lxc
@ -149,6 +149,8 @@ Patch9139:      0137-lxc-fix-bug-in-read-proc.patch
 Patch9140:      0138-resize-implement-resize-function-in-exec-start.patch
 Patch9141:      0139-lxc-fix-get-cgroup-path-by-config-instead-of-cmd.patch
 Patch9142:      0140-lxc-remove-umask-when-populate-devices.patch
+Patch9143:      0141-lxc-decode-some-escape-charactors-of-lxc-config-file.patch
+Patch9144:      0142-lxc-fix-non-root-user-cannot-write-dev-stdout.patch

 BuildRequires:  systemd-units git libtool graphviz docbook2X doxygen chrpath
 BuildRequires:  pkgconfig(libseccomp)
--- a/series.conf
+++ b/series.conf
@ -138,3 +138,6 @@ lxc-CVE-2019-5736-runC-rexec-callers-as-memfd.patch
 0137-lxc-fix-bug-in-read-proc.patch
 0138-resize-implement-resize-function-in-exec-start.patch
 0139-lxc-fix-get-cgroup-path-by-config-instead-of-cmd.patch
+0140-lxc-remove-umask-when-populate-devices.patch
+0141-lxc-decode-some-escape-charactors-of-lxc-config-file.patch
+0142-lxc-fix-non-root-user-cannot-write-dev-stdout.patch