[Bug 10481] New: unshare doesn't work with busybox binaries
bugzilla at busybox.net
Fri Nov 3 05:20:21 UTC 2017
https://bugs.busybox.net/show_bug.cgi?id=10481
Bug ID: 10481
Summary: unshare doesn't work with busybox binaries
Product: Busybox
Version: 1.26.x
Hardware: All
OS: Linux
Status: NEW
Severity: critical
Priority: P5
Component: Other
Assignee: unassigned at busybox.net
Reporter: acornejo at gmail.com
CC: busybox-cvs at busybox.net
Target Milestone: ---
Can't use busybox unshare without root:
$ ./busybox unshare -r ./busybox sh -c "echo hi"
unshare: unshare(0x4000000): Operation not permitted
If I use the non busybox binary versions things work as expected:
$ unshare -r sh -c "echo hi"
hi
If I run as root things work as expected.
Here is the strace output:
# strace ./busybox unshare -r ./busybox sh -c "echo hi"
execve("./busybox", ["./busybox", "unshare", "-r", "./busybox", "sh", "-c", "echo hi"], [/* 73 vars */]) = 0
arch_prctl(ARCH_SET_FS, 0x6f0f30) = 0
set_tid_address(0x6f0f68) = 26481
getuid() = 1000
stat("/etc/busybox.conf", 0x7ffc27391b70) = -1 ENOENT (No such file or directory)
getgid() = 1000
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgid(1000) = 0
futex(0x6f1360, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setuid(1000) = 0
futex(0x6f1360, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
geteuid() = 1000
getegid() = 1000
unshare(CLONE_NEWUTS) = -1 EPERM (Operation not permitted)
write(2, "unshare: unshare(0x4000000): Ope"..., 53unshare: unshare(0x4000000): Operation not permitted
) = 53
exit_group(1) = ?
So it fails on the call to unshare.
Given that this works fine with the non-busybox version of unshare, it's clearly
not a problem of my system, but with busybox.
I suspect it has to do with the calls to setgid + setuid before calling unshare
(these do not appear on the strace of the regular unshare binary).
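An added example, not part of the original report and not BusyBox code: a small triage script that reads strace lines like those in the report, decodes the unshare() flag mask, and flags EPERM failures where a non-root caller asked for a namespace without CLONE_NEWUSER. The function names and the sample trace are constructed here, and treating euid 0 as a stand-in for CAP_SYS_ADMIN is a simplifying assumption.

```python
import re

# Namespace flags from <linux/sched.h>. Creating any of these except a user
# namespace requires CAP_SYS_ADMIN unless CLONE_NEWUSER is in the same mask.
NS_FLAGS = {
    "CLONE_NEWNS": 0x00020000, "CLONE_NEWCGROUP": 0x02000000,
    "CLONE_NEWUTS": 0x04000000, "CLONE_NEWIPC": 0x08000000,
    "CLONE_NEWUSER": 0x10000000, "CLONE_NEWPID": 0x20000000,
    "CLONE_NEWNET": 0x40000000,
}

# Constructed sample: the relevant lines of the trace in the report.
SAMPLE_TRACE = """\
setgid(1000) = 0
setuid(1000) = 0
geteuid() = 1000
unshare(CLONE_NEWUTS) = -1 EPERM (Operation not permitted)
"""

CALL = re.compile(r"^(\w+)\((.*)\)\s+=\s+(-?\d+)(?:\s+(E[A-Z]+))?")
NUMBER = re.compile(r"0[xX][0-9a-fA-F]+|0|[1-9]\d*")

def parse_mask(arg):
    """Turn strace's 'A|B' or numeric flag argument into an int."""
    mask = 0
    for tok in (t.strip() for t in arg.split("|")):
        if tok in NS_FLAGS:
            mask |= NS_FLAGS[tok]
        elif NUMBER.fullmatch(tok):
            mask |= int(tok, 0)
    return mask

def decode(mask):
    """Names of the namespace flags set in mask."""
    return [name for name, bit in NS_FLAGS.items() if mask & bit]

def triage(trace):
    """Return (flags, errno) for EPERM unshare() calls lacking CLONE_NEWUSER."""
    euid, findings = None, []
    for line in trace.splitlines():
        m = CALL.match(line.strip())
        if not m:
            continue
        name, args, ret, errno = m.groups()
        if name == "geteuid":
            euid = int(ret)  # assumption: euid 0 implies CAP_SYS_ADMIN
        elif name == "unshare" and errno == "EPERM" and euid not in (None, 0):
            flags = decode(parse_mask(args))
            if flags and "CLONE_NEWUSER" not in flags:
                findings.append((flags, errno))
    return findings
```
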