
Unprivileged chroot()


Posted Mar 18, 2021 9:14 UTC (Thu) by matthias (subscriber, #94967)
In reply to: Unprivileged chroot() by geofft
Parent article: Unprivileged chroot()

Would it be possible to create a chroot command that has CAP_SYS_CHROOT filesystem capabilities, does the chroot, drops CAP_SYS_CHROOT and sets NO_NEW_PRIVS before calling the supplied command?

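The wrapper matthias describes, as an added example that is not code from this thread: a small C program meant to carry the CAP_SYS_CHROOT file capability (granted by an administrator with setcap, assumed), which chroots, drops that capability from its own sets, sets no_new_privs and only then execs the supplied command. The function names are mine; capabilities are manipulated with the raw capget/capset syscalls so no libcap dependency is needed.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <linux/capability.h>

/* Clear CAP_SYS_CHROOT from the effective, permitted and inheritable sets.
 * Lowering capabilities never needs privilege, so this also succeeds when the
 * binary was started without the file capability. Returns 0 on success. */
int drop_cap_sys_chroot(void)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];
    if (syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    __u32 mask = ~(1u << CAP_SYS_CHROOT);   /* CAP_SYS_CHROOT is 18, first word */
    data[0].effective   &= mask;
    data[0].permitted   &= mask;
    data[0].inheritable &= mask;
    return (int)syscall(SYS_capset, &hdr, data);
}

/* After this, execve() never grants privilege: setuid bits and file
 * capabilities (including this wrapper's own) stop taking effect, which is
 * why the wrapper cannot be used a second time from inside the new root. */
int set_no_new_privs(void)
{
    return prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0);
}

int no_new_privs_is_set(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1;
}

/* Order matters: chroot while we still hold the capability, then drop it,
 * then lock the process so the executed command can never regain it. */
int confine_and_exec(const char *newroot, char *const argv[])
{
    if (chroot(newroot) != 0) { perror("chroot"); return -1; }
    if (chdir("/") != 0) { perror("chdir"); return -1; }   /* no cwd outside root */
    if (drop_cap_sys_chroot() != 0) { perror("capset"); return -1; }
    if (set_no_new_privs() != 0) { perror("prctl"); return -1; }
    execvp(argv[0], argv);
    perror("execvp");
    return -1;
}

int main(int argc, char **argv)
{
    if (argc < 3) { fprintf(stderr, "usage: %s NEWROOT CMD [ARGS...]\n", argv[0]); return 2; }
    return confine_and_exec(argv[1], &argv[2]) == 0 ? 0 : 1;
}
```

Run as `./confine /path/to/root /bin/sh` after `setcap cap_sys_chroot+ep ./confine` (assumed); the exec'd shell holds no CAP_SYS_CHROOT and cannot pick it up again from any file capability.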

Unprivileged chroot()

Posted Mar 18, 2021 12:26 UTC (Thu) by winstonx86 (subscriber, #138536)

Yes, but I suppose you couldn’t perform a second chroot because of NO_NEW_PRIVS.

Unprivileged chroot()

Posted Mar 18, 2021 16:54 UTC (Thu) by floppus (guest, #137245) (1 response)

It's dangerous to allow that if the process is already chrooted, since it lets you escape from the outer chroot.

For that reason (I think), unprivileged processes can't create user namespaces when they're already chrooted, and the proposed unprivileged chroot would likewise be forbidden.

Unprivileged chroot()

Posted Mar 18, 2021 17:05 UTC (Thu) by matthias (subscriber, #94967)

Yes, my suggestion was to use the modified chroot command as an alternative to unprivileged chroot() syscall. And it was not meant to be used repeatedly. Obviously, it cannot be used repeatedly as after one execution NO_NEW_PRIVS is set and the CAP_CHROOT filesystem capability will have no effect.

And of course, if someone chroots a process without NO_NEW_PRIVS in the classic way, there should be no enchanted chroot command that gets capabilities from the filesystem lying around inside the new root.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds