tech-security archive
Re: Relax the prohibition on using fchdir(2) to quit a chroot
Hello Matt,
Thank you for your reply.
I do agree that the rule looks perfectly sane and inviolate.... however
there is a second side to it. The fchdir(2) trick used, i.a., in the venerable RPM is
very ugly, I do agree with that.
The second side of this ugly hack is that it opens the possibility to
flawlessly move between the native and a chroot environment and get the
job done immediately -- just enter_chroot() and quit_chroot() and you are done,
with zero modification to the code-base and zero additional logic. Replacing
the broken design with something sane produced many different,
difficult use-cases of RPM features to get implemented - and in the end I was
forced to abandon it at that time.
I was trying to raise this issue a year ago at the RPM main mailing-list [1]...
Well, let's please not shift this discussion from kernel security to this or
that piece of 3rd party software, nor to this particular use-case.
My proposition is to add:
security.chroot.allow_fchdir_out_of_chroot = 0
security.chroot.allow_sysctl_inside_chroot = 1
It's not broken by 'the right design', but it stops the job from being done.
A year has passed since coming to the conclusion of how to work around it... fix the
kernel.
With regards,
[1] http://lists.rpm.org/pipermail/rpm-maint/2013-August/003587.html