agent: do not follow link when mounting container proc and sysfs

Attackers might use it to explore other containers in the same pod. While it is still safe to allow it, we can just close the race window like runc does. Fixes: #885 Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2025-06-25 15:02:45 +00:00 · 2020-10-09 12:04:48 +08:00 · 2020-10-09 12:04:48 +08:00 · b7147edadb
commit b7147edadb
parent 367e436ff8
1 changed files with 15 additions and 0 deletions
--- a/src/agent/rustjail/src/mount.rs
+++ b/src/agent/rustjail/src/mount.rs
@ -205,6 +205,21 @@ pub fn init_rootfs(
                check_proc_mount(m)?;
            }

+            // If the destination already exists and is not a directory, we bail
+            // out This is to avoid mounting through a symlink or similar -- which
+            // has been a "fun" attack scenario in the past.
+            if m.r#type == "proc" || m.r#type == "sysfs" {
+                if let Ok(meta) = fs::symlink_metadata(&m.destination) {
+                    if !meta.is_dir() {
+                        return Err(anyhow!(
+                            "Mount point {} must be ordinary directory: got {:?}",
+                            m.destination,
+                            meta.file_type()
+                        ));
+                    }
+                }
+            }
+
            mount_from(cfd_log, &m, &rootfs, flags, &data, "")?;
            // bind mount won't change mount options, we need remount to make mount options
            // effective.