jailer doesn't ensure correct permissions for /dev inside the jail #1802

Closed
@alxiord

Description

The jailer creates the /dev, /dev/net and /run folders inside the jail but doesn't ensure that they're accessible for the unprivileged user which firecracker will run under. This can lead to errors when attempting to open devices (/dev/kvm and /dev/net/tun), even if the permissions on the devices themselves are correctly set.

```rust
fs::create_dir_all(path).map_err(|e| Error::CreateDir(PathBuf::from(path), e))?;
```

Labels

Priority: High, Type: Bug
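An added example, not taken from the issue or from the Firecracker code base: one way to create the jail directories so that their owner and mode no longer depend on the caller's umask, plus a mode-bit check that shows the failure described above. The helper names `create_jail_dir` and `can_enter`, the 0o755 mode and the scratch directory are assumptions made for illustration.

```rust
use std::fs::{self, DirBuilder, Permissions};
use std::io;
use std::os::unix::fs::{chown, DirBuilderExt, MetadataExt, PermissionsExt};
use std::path::{Component, Path};

/// Mode-bit check only (ignores supplementary groups, ACLs, root bypass):
/// can `uid`/`gid` read and search `dir`?
fn can_enter(dir: &Path, uid: u32, gid: u32) -> io::Result<bool> {
    let meta = fs::metadata(dir)?;
    let shift = if meta.uid() == uid { 6 } else if meta.gid() == gid { 3 } else { 0 };
    Ok((meta.permissions().mode() >> shift) & 0o5 == 0o5)
}

/// Hypothetical helper: create each component of `rel` under `jail_root` and set
/// owner and mode explicitly, so the result does not depend on the umask.
fn create_jail_dir(jail_root: &Path, rel: &str, uid: u32, gid: u32) -> io::Result<()> {
    let mut cur = jail_root.to_path_buf();
    for comp in Path::new(rel).components() {
        match comp {
            Component::Normal(name) => cur.push(name),
            _ => return Err(io::Error::new(io::ErrorKind::InvalidInput, "relative path expected")),
        }
        match fs::create_dir(&cur) {
            Err(e) if e.kind() != io::ErrorKind::AlreadyExists => return Err(e),
            _ => {}
        }
        chown(&cur, Some(uid), Some(gid))?;
        fs::set_permissions(&cur, Permissions::from_mode(0o755))?;
    }
    Ok(())
}

/// Constructed scenario: returns (accessible before, accessible after) for a
/// uid/gid other than the owner, standing in for the unprivileged user.
fn demo() -> io::Result<(bool, bool)> {
    let root = std::env::temp_dir().join(format!("jail-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&root);
    // 0o700 stands in for what create_dir_all yields under a restrictive umask.
    DirBuilder::new().recursive(true).mode(0o700).create(root.join("dev/net"))?;
    let me = fs::metadata(&root)?;
    let (uid, gid) = (me.uid().wrapping_add(1), me.gid().wrapping_add(1));
    let before = can_enter(&root.join("dev"), uid, gid)?;
    // Chown to the current owner here; a real jailer would pass the jail uid/gid.
    create_jail_dir(&root, "dev/net", me.uid(), me.gid())?;
    let after = can_enter(&root.join("dev"), uid, gid)? && can_enter(&root.join("dev/net"), uid, gid)?;
    fs::remove_dir_all(&root)?;
    Ok((before, after))
}

fn main() { println!("{:?}", demo()); }
```

The loop matters because a recursive create of `dev/net` also creates `dev`, and each component needs search permission for the device open to succeed.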
