
Crun self clone and mount the /tmp/crun.c8hM4O to root dev

Open wuji1020 opened this issue 1 year ago • 0 comments

My environment is as follows: OS: OpenEuler 22.04, Podman: 3.4.4, crun: 1.4.3

My issue:

  1. I had created containers on my host using podman, and the OS had been running for several days. I found that the root device sda2 is mounted on /tmp/crun.c8hM4O on the host. The output of lsblk is as follows:

```
[root@controller-1 opadmin]# lsblk
NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINTS
sda      8:0    0 557.9G  0 disk
├─sda1   8:1    0     1G  0 part /boot
├─sda2   8:2    0    50G  0 part /tmp/crun.c8hM4O
│                                /
├─sda3   8:3    0    50G  0 part /var/log
├─sda4   8:4    0     1K  0 part
├─sda5   8:5    0     4G  0 part [SWAP]
└─sda6   8:6    0 452.9G  0 part /opt/platform
sdb      8:16   0   1.1T  0 disk
sdc      8:32   0   1.1T  0 disk
sdd      8:48   1  14.6G  0 disk
```

  2. I found the self-clone in the crun code. ensure_cloned_binary calls the function clone_binary, and clone_binary calls the try_bindfd function. Here crun tries to mount itself on %s/crun.XXXXXX, so I think this is the place that causes /dev/sda2 to be mounted on the %s/crun.XXXXXX directory. Is this normal or a bug?
```c
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <unistd.h>

/*
 * Obtain a read-only O_PATH fd to our own binary by bind-mounting
 * /proc/self/exe onto a temporary file, remounting it read-only, and
 * detaching the mount again before returning the fd.
 */
static int try_bindfd(void)
{
	mode_t mask;
	int fd, ret = -1;
	char template[PATH_MAX] = {0};
	char *prefix = getenv("_LIBCONTAINER_STATEDIR");

	/* Fall back to /tmp when the state dir is unset or not absolute. */
	if (!prefix || *prefix != '/')
		prefix = "/tmp";
	if (snprintf(template, sizeof(template), "%s/crun.XXXXXX", prefix) < 0)
		return ret;

	/*
	 * We need somewhere to mount it, mounting anything over /proc/self is a
	 * BAD idea on the host -- even if we do it temporarily.
	 */
	mask = umask(0700);
	fd = mkstemp(template);	/* creates an empty, owner-only file */
	umask(mask);
	if (fd < 0)
		return ret;
	close(fd);

	/*
	 * For obvious reasons this won't work in rootless mode because we haven't
	 * created a userns+mntns -- but getting that to work will be a bit
	 * complicated and it's only worth doing if someone actually needs it.
	 */
	ret = -EPERM;
	/* Bind-mount the running binary (a single file) over the temp file. */
	if (mount("/proc/self/exe", template, "", MS_BIND, "") < 0)
		goto out;
	/* Then remount that bind mount read-only. */
	if (mount("", template, "", MS_REMOUNT | MS_BIND | MS_RDONLY, "") < 0)
		goto out_umount;

	/* Get read-only handle that we're sure can't be made read-write. */
	ret = open(template, O_PATH | O_CLOEXEC);

out_umount:
	/*
	 * Make sure the MNT_DETACH works, otherwise we could get remounted
	 * read-write and that would be quite bad (the fd would be made read-write
	 * too, invalidating the protection).
	 */
	if (umount2(template, MNT_DETACH) < 0) {
		if (ret >= 0)
			close(ret);
		ret = -ENOTRECOVERABLE;
	}

out:
	/*
	 * We don't care about unlink errors, the worst that happens is that
	 * there's an empty file left around in STATEDIR.
	 */
	unlink(template);
	return ret;
}
```

Can anyone help me?

wuji1020 · Jan 08 '24 06:01
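The mount in try_bindfd is a bind mount of one file (/proc/self/exe) onto the mkstemp file, not a second mount of the whole root filesystem. lsblk keys mounts on major:minor, so a bind mount of a file that lives on sda2 is listed under sda2 alongside "/". The `root` field (4th column) of /proc/self/mountinfo tells the two cases apart: "/" for a whole-filesystem mount, the path of the bound file for a bind mount. The script below is an added example, not code from the issue or from crun; it parses a constructed mountinfo sample (the 8:2 device number mirrors the reporter's sda2, and /usr/bin/crun is an assumed install path) and reports what a /tmp/crun.XXXXXX entry actually is and whether it is read-only, which is the check a sysadmin would want to run before deciding whether the entry is expected.

```python
import re
from typing import Dict, List

# Constructed sample of /proc/self/mountinfo (not taken from the issue).
# major:minor 8:2 plays the role of sda2 from the reporter's lsblk output and
# /usr/bin/crun is an assumed location of the crun binary.
SAMPLE_MOUNTINFO = """\
24 1 8:2 / / rw,relatime shared:1 - xfs /dev/sda2 rw,attr2,inode64
31 24 8:1 / /boot rw,relatime shared:2 - xfs /dev/sda1 rw,attr2,inode64
97 24 8:2 /usr/bin/crun /tmp/crun.c8hM4O ro,relatime shared:1 - xfs /dev/sda2 rw,attr2,inode64
"""

# mkstemp() replaces XXXXXX with six characters from [A-Za-z0-9].
CRUN_CLONE_RE = re.compile(r"/crun\.[A-Za-z0-9]{6}$")

# mountinfo escapes space, tab, newline and backslash as \040, \011, \012, \134.
_OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")


def _unescape(field: str) -> str:
    """Decode the octal escapes the kernel uses in mountinfo path fields."""
    return _OCTAL_ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> List[Dict[str, str]]:
    """Parse mountinfo lines into dicts using the field names from proc(5)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or "-" not in fields:
            continue  # skip blank or malformed lines
        sep = fields.index("-")  # separator between optional fields and fstype
        entries.append({
            "mount_id": fields[0],
            "parent_id": fields[1],
            "dev": fields[2],                  # major:minor, what lsblk keys on
            "root": _unescape(fields[3]),      # path inside the fs that is mounted
            "mount_point": _unescape(fields[4]),
            "mount_options": fields[5],        # per-mount options, e.g. ro,relatime
            "optional": ",".join(fields[6:sep]),
            "fstype": fields[sep + 1],
            "source": _unescape(fields[sep + 2]),
            "super_options": fields[sep + 3] if len(fields) > sep + 3 else "",
        })
    return entries


def find_crun_clone_mounts(text: str) -> List[Dict[str, str]]:
    """Entries whose mount point looks like crun's <prefix>/crun.XXXXXX clone."""
    return [e for e in parse_mountinfo(text) if CRUN_CLONE_RE.search(e["mount_point"])]


def is_file_bind_mount(entry: Dict[str, str]) -> bool:
    """True when only a sub-path of the filesystem is mounted (root != '/'),
    i.e. a bind mount of a file or directory rather than the whole device."""
    return entry["root"] != "/"


def is_readonly(entry: Dict[str, str]) -> bool:
    """True when the mount itself (not just the superblock) is read-only."""
    return "ro" in entry["mount_options"].split(",")


def explain(entry: Dict[str, str]) -> str:
    """One-line verdict to read next to the lsblk output."""
    dev, mp = entry["dev"], entry["mount_point"]
    if is_file_bind_mount(entry):
        kind = f"bind mount of {entry['root']} (on {entry['source']}, {dev}) at {mp}"
    else:
        kind = f"whole filesystem {entry['source']} ({dev}) mounted at {mp}"
    mode = "read-only" if is_readonly(entry) else "read-write"
    return f"{kind}, {mode}"


if __name__ == "__main__":
    # On a live host replace SAMPLE_MOUNTINFO with open("/proc/self/mountinfo").read()
    for entry in find_crun_clone_mounts(SAMPLE_MOUNTINFO):
        print(explain(entry))
```

On a real host, substitute the contents of /proc/self/mountinfo for the sample. Because try_bindfd detaches the mount with umount2(MNT_DETACH) before it returns, the entry is only expected to exist for the duration of that call; an entry that persists across a long-running system is a sign that the clone was left behind, and the `root` and `ro` fields above tell you that what lsblk labels as sda2 is a read-only bind mount of the binary rather than a second writable mount of the root filesystem.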