
Unprivileged chroot()

Posted Mar 16, 2021 10:05 UTC (Tue) by roc (subscriber, #30627)
In reply to: Unprivileged chroot() by dbnichol
Parent article: Unprivileged chroot()

That's a good point. I prefer the code in question to run unprivileged inside its container, though.


Unprivileged chroot()

Posted Mar 16, 2021 13:45 UTC (Tue) by gscrivano (subscriber, #74830) [Link] (1 responses)

Have you already considered openat2(RESOLVE_IN_ROOT)? Wouldn't that be enough to replace chroot()?

Unprivileged chroot()

Posted Mar 17, 2021 2:07 UTC (Wed) by roc (subscriber, #30627) [Link]

Oooh, I didn't know about RESOLVE_IN_ROOT. That solves my use-case perfectly!

Unfortunately I can't use it yet because I can't guarantee we're running on 5.6 or above, but this is the right API for me.
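
The lookup suggested above, as an added example that is not code from the commenters or from the kernel: opening paths with `openat2()` and `RESOLVE_IN_ROOT` so that a directory fd acts as the root, and reporting `-ENOSYS` on kernels older than 5.6 so the caller can detect that and fall back. The helper names `open_in_root` and `demo`, and the temporary directory layout, are assumptions constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/openat2.h>  /* struct open_how, RESOLVE_IN_ROOT; needs 5.6+ kernel headers */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Hypothetical helper: open path read-only with rootfd acting as "/" for the
 * whole lookup. Returns an fd, or -errno (-ENOSYS when openat2() is missing). */
int open_in_root(int rootfd, const char *path)
{
    struct open_how how;
    memset(&how, 0, sizeof(how));   /* the kernel rejects unknown non-zero fields */
    how.flags = O_RDONLY | O_CLOEXEC;
    how.resolve = RESOLVE_IN_ROOT;
    long fd = syscall(SYS_openat2, rootfd, path, &how, sizeof(how));
    return fd < 0 ? -errno : (int)fd;
}

/* Constructed tree: <tmp>/data.txt plus <tmp>/escape -> /etc/passwd. Returns 0 if
 * every lookup stayed inside <tmp>, 1 if one did not, -errno if unavailable. */
int demo(void)
{
    char dir[] = "/tmp/inroot-XXXXXX";
    if (!mkdtemp(dir)) return -errno;
    int rootfd = open(dir, O_PATH | O_DIRECTORY | O_CLOEXEC);
    if (rootfd < 0) return -errno;
    int fd = openat(rootfd, "data.txt", O_CREAT | O_WRONLY | O_CLOEXEC, 0600);
    if (fd >= 0) close(fd);
    int linked = symlinkat("/etc/passwd", rootfd, "escape");
    int rooted = open_in_root(rootfd, "/data.txt");      /* "/" means rootfd */
    int up     = open_in_root(rootfd, "../../data.txt"); /* ".." stops at rootfd */
    int esc    = open_in_root(rootfd, "escape");         /* looks for <tmp>/etc/passwd */
    int rc = (fd < 0 || linked < 0) ? -EIO
           : (rooted == -ENOSYS || rooted == -EPERM) ? rooted /* old kernel or seccomp */
           : (rooted >= 0 && up >= 0 && esc == -ENOENT) ? 0 : 1;
    if (rooted >= 0) close(rooted);
    if (up >= 0) close(up);
    if (esc >= 0) close(esc);
    unlinkat(rootfd, "escape", 0); unlinkat(rootfd, "data.txt", 0);
    close(rootfd); rmdir(dir);
    return rc;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

Unlike chroot(), this confines only the individual path lookup; the process's own root directory is unchanged.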

Unprivileged chroot()

Posted Mar 17, 2021 0:28 UTC (Wed) by dbnichol (subscriber, #39622) [Link]

Right. The way I've seen this done before is to start the new process with several capabilities, set up the environment, and then drop all but the required caps before starting the real work. In a sense it's better than what you could do with the unprivileged chroot that's being suggested here. Once you do the intended chroot, you can drop the capability and then the rest of the code can't use it anymore.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds