Do not create tmpdir and bind mount /proc/self/fd on /proc instead

Vivek Goyal requested to merge vgoyal/virtiofsd-rs:remove-tmp-dir-for-proc into main

virtiofsd needs access to /proc/self/fd, but we also want to make sure that if virtiofsd is hacked, it is not able to traverse up the directory tree and access /proc/ etc.

Currently virtiofsd creates a tmpdir and bind mounts /proc/self/fd/ there and then opens an O_PATH fd for tmpdir. And then it deletes the tmpdir.

The C version of virtiofsd bind mounts /proc/self/fd on /proc/ and then opens an O_PATH fd on /proc.

Creating a separate dir needs to find a temporary space, and SELinux policy might not allow for writing to some tmp space directly. Instead, the runtime needs to set up some space and label it properly so that virtiofsd can write to it.

So going away from the need of creating tmpdir will be good as long as one cannot traverse into /proc/self or /proc. I think it is not possible with bind mounting /proc/self/fd on /proc. So proposing this patch.

Closes #49 (closed)

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>

Edited by Sergio Lopez
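
The mechanism described in this merge request, as an added C example that is not code from virtiofsd or from the patch: a forked child bind mounts /proc/self/fd over /proc in a private mount namespace, opens an O_PATH fd on it, and then checks that an open fd can still be reopened by number while /proc/self and ".." traversal no longer reach procfs. The names `sandbox_check` and `run_sandbox_check`, the `MS_SLAVE` propagation step, and the user-namespace fallback are assumptions made for this illustration.

```c
/* Added example, not virtiofsd code. Linux only. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/sched.h>   /* CLONE_NEWNS, CLONE_NEWUSER */
#include <stdio.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#ifndef O_PATH
#define O_PATH 010000000   /* assumption: x86/arm value, used only if hidden */
#endif

/* Child body. 1 = fds reopenable and /proc hidden, 0 = not, 2 = setup refused. */
static int sandbox_check(void)
{
    char name[16];
    /* New mount namespace (directly, or inside a new user namespace), stop
     * propagation to the parent, then cover /proc with /proc/self/fd. */
    if ((syscall(SYS_unshare, CLONE_NEWNS) != 0 &&
         syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNS) != 0) ||
        mount(NULL, "/", NULL, MS_REC | MS_SLAVE, NULL) != 0 ||
        mount("/proc/self/fd", "/proc", NULL, MS_BIND, NULL) != 0)
        return 2;
    int proc_self_fd = open("/proc", O_PATH);      /* handle kept by the daemon */
    int probe = open("/", O_RDONLY | O_DIRECTORY); /* some fd to reopen later */
    if (proc_self_fd < 0 || probe < 0)
        return 2;
    /* Legitimate use: reopen an existing fd through its numeric entry. */
    snprintf(name, sizeof(name), "%d", probe);
    int reopened = openat(proc_self_fd, name, O_RDONLY | O_DIRECTORY);
    /* Traversal attempts: ".." now leaves the bind mount for "/", and
     * /proc/self no longer exists because /proc only lists fd numbers. */
    int leak = faccessat(proc_self_fd, "../status", F_OK, 0) == 0 ||
               access("/proc/self/status", F_OK) == 0;
    return reopened >= 0 && !leak;
}

/* Fork so the caller's own mount namespace is left untouched. */
int run_sandbox_check(void)
{
    int status;
    pid_t pid = fork();
    if (pid == 0)
        _exit(sandbox_check());
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return 2;
    return WEXITSTATUS(status);
}

int main(void) { printf("result: %d\n", run_sandbox_check()); return 0; }
```

A result of 2 means the kernel or container policy refused the namespace or mount setup, so nothing was checked.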