mount(2) will blindly follow symlinks, which is a problem because it
allows a malicious container to trick runc into mounting /proc to an
entirely different location (and thus within the attacker's control for
a rename-exchange attack).
This is just a hotfix (to "stop the bleeding"), and the more complete
fix would be finish libpathrs and port runc to it (to avoid these types
of attacks entirely, and defend against a variety of other /proc-related
attacks). It can be bypased by someone having "/" be a volume controlled
by another container.
Fixes: CVE-2019-19921
Signed-off-by: Aleksa Sarai <asarai@suse.de>
Signed-off-by: xiadanni1 <xiadanni1@huawei.com>
reason:This allows the libcontainer to automatically clean up
runc:[1:CHILD] processes created as part of nsenter.
Signed-off-by: Alex Fang <littlelightlittlefire@gmail.com>
