Subject: kern/36996: procfs exposes real path when used inside chroot
To: None <kern-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <martti.kuparinen@iki.fi>
List: netbsd-bugs
Date: 09/17/2007 09:10:00
>Number:         36996
>Category:       kern
>Synopsis:       procfs exposes real path when used inside chroot
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Sep 17 09:10:00 +0000 2007
>Originator:     Martti Kuparinen
>Release:        NetBSD 4.0_RC1
>Organization:
>Environment:
System: NetBSD p130.mydomain.com 4.0_RC1 NetBSD 4.0_RC1 (P130) #1: Mon Sep 17 08:48:23 EEST 2007 root@p130.mydomain.com:/usr/src/sys/arch/amd64/compile/P130 amd64
Architecture: x86_64
Machine: amd64
>Description:

In NetBSD 3.x procfs does not expose the chroot'ed process' real directory
path whereas in NetBSD 4.0 the chroot'ed process is able to determine
its real location on the filesystem, even though it's (hopefully) unable
to access the complete filesystem on the "host".

I'm not sure if this is a feature or a serious bug of procfs. Personally
I think the real path should not be exposed as the chroot'ed process
should think it's running on its own host.

I detected this weird behaviour when trying to build packages inside a
chroot cage on our new server running 4.0_RC1 and some of the perl
packages failed to build.

>How-To-Repeat:

1. Extract all distribution sets (say in /var/chroot/netbsd)

   rm -rf /var/chroot/netbsd
   mkdir /var/chroot/netbsd
   for i in *.tgz; do tar xpzf $i -C /var/chroot/netbsd; done

2. Create the device nodes in /var/chroot/netbsd/dev by running

   cd /var/chroot/netbsd/dev
   sh MAKEDEV all

3. Mount procfs inside the chroot by running

   mkdir -p /var/chroot/netbsd/proc
   mount -t procfs /var/chroot/netbsd/proc

4. Mount pkgsrc inside the chroot by running

   mkdir -p /var/chroot/netbsd/usr/pkgsrc
   mount -t null /usr/pkgsrc /var/chroot/netbsd/usr/pkgsrc

5. Go into the chroot

   chroot /var/chroot/netbsd /bin/sh

6. Run "make configure" in /usr/pkgsrc/net/p5-Socket6 and see the
   generated config.log. Now observe the reference to /var/chroot/netbsd
   in case of NetBSD 4.0.

   In NetBSD 3.x the path looks like this

     $ ./configure --with-perl=/usr/pkg/bin/perl

   whereas in NetBSD 4.0 the path looks like this

     $ ./configure --with-perl=/var/chroot/netbsd/usr/pkg/bin/perl

>Fix:
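
A way to check from inside the chroot whether procfs reveals the host-side prefix, as an added example that is not part of the original report and not a fix for the behaviour. It assumes procfs provides a `/proc/<pid>/exe` symlink (the report does not name the node involved); `leaked_prefix` and `report` are hypothetical helper names, and the sample symlinks are constructed from the two paths quoted in step 6.

```shell
#!/bin/sh
# Added example, not part of the problem report. Run it inside the chroot.
# Assumption: procfs offers a per-process "exe" symlink (/proc/<pid>/exe);
# the report does not say which procfs node reveals the path.

# leaked_prefix LINK SEEN_PATH
#   LINK       symlink naming a process's executable
#   SEEN_PATH  that executable's path as seen from inside the chroot
# Prints the host-side prefix when LINK's target is SEEN_PATH with extra
# leading directories and that longer path does not exist under the
# current root. Returns 0 = leak, 1 = no leak, 2 = inconclusive.
leaked_prefix() {
    lp_target=$(readlink "$1" 2>/dev/null) || return 2
    [ -n "$lp_target" ] || return 2
    [ "$lp_target" = "$2" ] && return 1
    case $lp_target in
        *"$2")
            # A path that resolves inside the current root is not a leak.
            [ -e "$lp_target" ] && return 1
            printf '%s\n' "${lp_target%"$2"}"
            return 0 ;;
    esac
    return 2
}

# report LINK SEEN_PATH: print a one-line verdict; always returns 0.
report() {
    rp_rc=0
    rp_prefix=$(leaked_prefix "$1" "$2") || rp_rc=$?
    case $rp_rc in
        0) echo "LEAK: $1 reveals host prefix $rp_prefix" ;;
        1) echo "ok: $1 names a path inside the current root" ;;
        *) echo "inconclusive: $1 unreadable or unrelated to $2" ;;
    esac
}

# Constructed sample: symlinks carrying the two paths quoted in the report.
demo_dir=$(mktemp -d) || exit 1
ln -s /usr/pkg/bin/perl "$demo_dir/exe-3x"
ln -s /var/chroot/netbsd/usr/pkg/bin/perl "$demo_dir/exe-40"
report "$demo_dir/exe-3x" /usr/pkg/bin/perl
report "$demo_dir/exe-40" /usr/pkg/bin/perl
rm -rf "$demo_dir"

# Live check of the running shell (assumes it was started as /bin/sh).
report "/proc/$$/exe" /bin/sh
```
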