cmd/hsu: remove parent check
This check serves no real purpose and only makes it more difficult to start containers. Signed-off-by: Ophestra <cat@gensokyo.uk>
+1
-23
@@ -21,15 +21,6 @@
|
|||||||
// following paragraphs are considered an internal detail and not covered by the
|
// following paragraphs are considered an internal detail and not covered by the
|
||||||
// compatibility promise.
|
// compatibility promise.
|
||||||
//
|
//
|
||||||
// After checking credentials, hsu checks via /proc/ the absolute pathname of
|
|
||||||
// its parent process, and fails if it does not match the hakurei pathname set
|
|
||||||
// at link time. This is not a security feature: the priv-side is considered
|
|
||||||
// trusted, and this feature makes no attempt to address the racy nature of
|
|
||||||
// querying /proc/, or debuggers attached to the parent process. Instead, this
|
|
||||||
// aims to discourage misuse and reduce confusion if the user accidentally
|
|
||||||
// stumbles upon this program. It also prevents accidental use of the incorrect
|
|
||||||
// installation of hsu in some environments.
|
|
||||||
//
|
|
||||||
// Since target container environment variables are set up in shim via the
|
// Since target container environment variables are set up in shim via the
|
||||||
// [container] infrastructure, the environment is used for parameters from the
|
// [container] infrastructure, the environment is used for parameters from the
|
||||||
// parent process.
|
// parent process.
|
||||||
@@ -62,7 +53,6 @@ import (
|
|||||||
"runtime"
|
"runtime"
|
||||||
"slices"
|
"slices"
|
||||||
"strconv"
|
"strconv"
|
||||||
"strings"
|
|
||||||
"syscall"
|
"syscall"
|
||||||
)
|
)
|
||||||
|
|
||||||
@@ -107,18 +97,6 @@ func main() {
|
|||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
var toolPath string
|
|
||||||
pexe := filepath.Join("/proc", strconv.Itoa(os.Getppid()), "exe")
|
|
||||||
if p, err := os.Readlink(pexe); err != nil {
|
|
||||||
log.Fatalf("cannot read parent executable path: %v", err)
|
|
||||||
} else if strings.HasSuffix(p, " (deleted)") {
|
|
||||||
log.Fatal("hakurei executable has been deleted")
|
|
||||||
} else if p != hakureiPath {
|
|
||||||
log.Fatal("this program must be started by hakurei")
|
|
||||||
} else {
|
|
||||||
toolPath = p
|
|
||||||
}
|
|
||||||
|
|
||||||
// refuse to run if hsurc is not protected correctly
|
// refuse to run if hsurc is not protected correctly
|
||||||
if s, err := os.Stat(hsuConfPath); err != nil {
|
if s, err := os.Stat(hsuConfPath); err != nil {
|
||||||
log.Fatal(err)
|
log.Fatal(err)
|
||||||
@@ -205,7 +183,7 @@ func main() {
|
|||||||
log.Fatalf("cannot set no_new_privs flag: %s", errno.Error())
|
log.Fatalf("cannot set no_new_privs flag: %s", errno.Error())
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := syscall.Exec(toolPath, []string{
|
if err := syscall.Exec(hakureiPath, []string{
|
||||||
"hakurei",
|
"hakurei",
|
||||||
"shim",
|
"shim",
|
||||||
}, []string{
|
}, []string{
|
||||||
|
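Review bot: The package comment that survives at the end of the first hunk (`// parent process.`) still describes hsu as something started by hakurei, but with the `/proc/<ppid>/exe` comparison removed nothing enforces that any more, and the test change in this same commit starts hsu directly as an ordinary user. A sentence recording the new contract would help the next reader, e.g. `// hsu may be started directly (not only via hakurei); the hsurc and credential checks below are the only gate.` — the "any user listed in hsurc" part is inferred from the test expectations and should be confirmed. The paragraph that was deleted already stated the check was not a security feature, so this is a documentation point rather than a regression; the later hunks, which drop `toolPath` and exec the link-time `hakureiPath` directly, are consistent with that. The body of `main` starts and ends outside these hunks.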
|||||||
@@ -22,7 +22,14 @@ in
|
|||||||
{
|
{
|
||||||
name = "funcgraph-retval";
|
name = "funcgraph-retval";
|
||||||
patch = null;
|
patch = null;
|
||||||
structuredExtraConfig.FUNCTION_GRAPH_RETVAL = lib.kernel.yes;
|
structuredExtraConfig = with lib.kernel; {
|
||||||
|
FUNCTION_GRAPH_RETVAL = yes;
|
||||||
|
|
||||||
|
RUST = lib.mkForce unset;
|
||||||
|
DRM_NOVA = lib.mkForce unset;
|
||||||
|
DRM_PANIC_SCREEN_QR_CODE = lib.mkForce unset;
|
||||||
|
NOVA_CORE = lib.mkForce unset;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
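Review bot: The four `lib.mkForce unset` entries added under `structuredExtraConfig` are unrelated to the commit's subject and carry no explanation, so a reader cannot tell whether they are a workaround or a deliberate hardening of the test kernel. A one-line comment above `RUST = lib.mkForce unset;` stating the reason (presumably that the test kernel should build without the Rust toolchain and the Rust-only nova/DRM options; confirm) would avoid someone reverting it later. Splitting it into its own commit would also keep the hsu change reviewable on its own.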
|||||||
+4
-2
@@ -92,8 +92,10 @@ print(denyOutput)
|
|||||||
denyOutputVerbose = machine.fail("sudo -u untrusted -i hakurei -v exec &>/dev/stdout")
|
denyOutputVerbose = machine.fail("sudo -u untrusted -i hakurei -v exec &>/dev/stdout")
|
||||||
print(denyOutputVerbose)
|
print(denyOutputVerbose)
|
||||||
|
|
||||||
# Fail direct hsu call:
|
# Direct hsu call:
|
||||||
print(machine.fail("sudo -u alice -i hsu"))
|
userid = machine.succeed("sudo -u alice -i hsu")
|
||||||
|
if userid != "0":
|
||||||
|
raise Exception(f"unexpected userid: {userid}")
|
||||||
|
|
||||||
# Verify hsu fault behaviour:
|
# Verify hsu fault behaviour:
|
||||||
if denyOutput != "hsu: uid 1001 is not in the hsurc file\n":
|
if denyOutput != "hsu: uid 1001 is not in the hsurc file\n":
|
||||||
|
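Review bot: The direct-invocation test `userid = machine.succeed("sudo -u alice -i hsu")` covers only the positive case; now that the parent-process check is gone, hsurc membership is the only thing between a local user and hsu, so the negative path deserves a direct test as well, e.g. `print(machine.fail("sudo -u untrusted -i hsu"))` beside it (the existing `denyOutput` assertions only reach hsu through `hakurei exec`). The comparison `if userid != "0":` is exact; if hsu terminates its output with a newline this would fail, so `userid.strip()` would be safer — the expected output format is not visible here, so treat that as a question rather than a defect. The test script continues outside the hunk.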
|||||||