[Bug 10481] New: unshare doesn't work with busybox binaries

bugzilla at busybox.net bugzilla at busybox.net
Fri Nov 3 05:20:21 UTC 2017


https://bugs.busybox.net/show_bug.cgi?id=10481

            Bug ID: 10481
           Summary: unshare doesn't work with busybox binaries
           Product: Busybox
           Version: 1.26.x
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: Other
          Assignee: unassigned at busybox.net
          Reporter: acornejo at gmail.com
                CC: busybox-cvs at busybox.net
  Target Milestone: ---

Can't use busybox unshare without root:

$ ./busybox unshare -r ./busybox sh -c "echo hi"
unshare: unshare(0x4000000): Operation not permitted

If I use the non-busybox binary versions things work as expected:

$ unshare -r sh -c "echo hi"
hi

If I run as root things work as expected.

Here is the strace output:

# strace ./busybox unshare -r ./busybox sh -c "echo hi"
execve("./busybox", ["./busybox", "unshare", "-r", "./busybox", "sh", "-c", "echo hi"], [/* 73 vars */]) = 0
arch_prctl(ARCH_SET_FS, 0x6f0f30)       = 0
set_tid_address(0x6f0f68)               = 26481
getuid()                                = 1000
stat("/etc/busybox.conf", 0x7ffc27391b70) = -1 ENOENT (No such file or directory)
getgid()                                = 1000
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setgid(1000)                            = 0
futex(0x6f1360, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[RTMIN RT_1 RT_2], [], 8) = 0
rt_sigprocmask(SIG_BLOCK, ~[], NULL, 8) = 0
setuid(1000)                            = 0
futex(0x6f1360, FUTEX_WAKE_PRIVATE, 2147483647) = 0
rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0
geteuid()                               = 1000
getegid()                               = 1000
unshare(CLONE_NEWUTS)                   = -1 EPERM (Operation not permitted)
write(2, "unshare: unshare(0x4000000): Ope"..., 53unshare: unshare(0x4000000): Operation not permitted
) = 53
exit_group(1)                           = ?

So it fails on the call to unshare.


Given that this works fine with the non-busybox version of unshare, it's clearly
not a problem of my system, but with busybox.

I suspect it has to do with the calls to setgid + setuid before calling unshare
(these do not appear on the strace of the regular unshare binary).

-- 
You are receiving this mail because:
You are on the CC list for the bug.
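
The mask in the error message above, 0x4000000, is the value strace prints as CLONE_NEWUTS. The following is an added example, not part of the report or of BusyBox: it decodes such a mask and reports whether the kernel requires CAP_SYS_ADMIN for it. The function names are hypothetical, and it assumes a kernel where CLONE_NEWUSER itself needs no capability (unprivileged user namespaces enabled).

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Namespace flag values from <linux/sched.h>, written out so no _GNU_SOURCE is needed. */
static const struct { unsigned long bit; const char *name; } NS_FLAGS[] = {
    { 0x00020000UL, "CLONE_NEWNS"   }, { 0x02000000UL, "CLONE_NEWCGROUP" },
    { 0x04000000UL, "CLONE_NEWUTS"  }, { 0x08000000UL, "CLONE_NEWIPC"    },
    { 0x10000000UL, "CLONE_NEWUSER" }, { 0x20000000UL, "CLONE_NEWPID"    },
    { 0x40000000UL, "CLONE_NEWNET"  },
};
#define NS_COUNT (sizeof NS_FLAGS / sizeof NS_FLAGS[0])
#define NS_USER  0x10000000UL  /* CLONE_NEWUSER */
#define NS_ALL   0x7e020000UL  /* OR of every bit in NS_FLAGS */

/* Pull the hex mask out of an "unshare: unshare(0x...): ..." line; 0 on success. */
int parse_unshare_mask(const char *line, unsigned long *mask) {
    const char *p = strstr(line, "unshare(0x");
    char *end;
    if (!p) return -1;
    p += strlen("unshare(");
    *mask = strtoul(p, &end, 16);
    return *end == ')' ? 0 : -1;
}

/* Write the names of the namespace bits set in mask as "A|B"; returns buf. */
char *decode_ns_mask(unsigned long mask, char *buf, size_t len) {
    buf[0] = '\0';
    for (size_t i = 0; i < NS_COUNT; i++) {
        if (!(mask & NS_FLAGS[i].bit)) continue;
        if (buf[0]) strncat(buf, "|", len - strlen(buf) - 1);
        strncat(buf, NS_FLAGS[i].name, len - strlen(buf) - 1);
    }
    return buf;
}

/* 1 when the mask asks for a non-user namespace without CLONE_NEWUSER in the same
 * call; the kernel then requires CAP_SYS_ADMIN, so a non-root caller gets EPERM.
 * Assumption: CLONE_NEWUSER itself is allowed to unprivileged callers. */
int needs_cap_sys_admin(unsigned long mask) {
    return (mask & NS_ALL & ~NS_USER) != 0 && !(mask & NS_USER);
}

int main(void) {
    unsigned long mask; char names[128];
    /* Error line copied from the report above. */
    if (parse_unshare_mask("unshare: unshare(0x4000000): Operation not permitted", &mask)) return 1;
    printf("%#lx = %s, CAP_SYS_ADMIN needed: %d\n", mask,
           decode_ns_mask(mask, names, sizeof names), needs_cap_sys_admin(mask));
    return 0;
}
```

A mask that also carries CLONE_NEWUSER (0x10000000) returns 0 from needs_cap_sys_admin, because the user namespace is created first and grants the caller privileges over the other namespaces created by the same call.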

