------- Comment From boris.m...@de.ibm.com 2024-12-05 07:22 EDT------- This bug was already detected in Jammy and was fixed in Ubuntu 22.04 (package qemu - 1:6.2+dfsg-2ubuntu6.21) ==> see bugzilla / LP item 'Bug 206380 - LP2065579 : [UBUNTU 22.04] OS guest boot issues on 9p filesystem'
Now, the problem seems to be back with Noble. ------- Comment From d.herrendoer...@de.ibm.com 2024-12-05 07:25 EDT------- >From the original Jammy bug: This Bug is the result of the fix to: CVE-2023-2861: Prohibit opening any special file directly on host I also opened a Bug in the qemu bugtracker https://gitlab.com/qemu-project/qemu/-/issues/2337 The containers fail because syslog cannot open its unix domain socket on the filesystem. We tracked the change that provokes this error to a CVE change in qemu that forbids opening of special files to prevent exposing data from the host. Special files should be handled by the guest os. Unix domain socket files are also special files, and they are handled by the guest OS in their entirety, and the 9p server in qemu assigns them individual inodes so they are safe to open. But they must be opened so their fd can be passed to the appropriate connect() or bind() function so the OS can use them. Socket files don't have a traditional read or write functionality, they are mere representatives for a local address. There is no convention for where domain socket files should go, so there is no easy fix by just creating a tmpfs somewhere. We also see other workloads and services failing for not being able to open their local socket files. The analysis of CVE-2023-2861 in detail reveals - opening of device files through the 9p server directly grants access to read/write functions of those device files. Also device files can be created in-place anywhere. - opening of FIFOs is somewhat unsafe as long as there are possible collisions that could expose host data using read/write. - opening of sockets is safe because the 9p server protects the revealed inode and provides no way to connect the file to a socket. The qemu team has made a change, but that only made things different, not better. ** Bug watch added: gitlab.com/qemu-project/qemu/-/issues #2337 https://gitlab.com/qemu-project/qemu/-/issues/2337 ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2861 -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/2091099 Title: [UBUNTU 24.04] OS guest boot issues on 9p filesystem Status in linux package in Ubuntu: New Bug description: == Reported by <d.herrendoer...@de.ibm.com> - 2024-12-04 == ---Problem Description--- [UBUNTU 24.04] OS guest boot issues on 9p filesystem ---uname output--- Linux winlnxnw 6.8.0-45-generic #45-Ubuntu SMP Fri Aug 30 11:09:37 UTC 2024 s390x s390x s390x GNU/Linux Contact Information = d.herrendoer...@de.ibm.com Machine Type = 3931-7G4 ---Steps to Reproduce--- Run this script (fails with a qemu error message) #!/bin/bash # Cleanup target dir [ -d ./target ] && rm -rf target mkdir target # Add configuration updates mkdir -p ./target/etc/initramfs-tools/ echo 9p >> ./target/etc/initramfs-tools/modules echo 9pnet_virtio >> ./target/etc/initramfs-tools/modules # Add the test script cat > ./target/test_init << EOF #!/bin/bash echo "Test for unix domain sockets" nc -Ul /socket & sleep 1 echo "Sockets work" | nc -UN /socket || echo "Sockets fail" echo o > /proc/sysrq-trigger sleep 999 EOF chmod 700 ./target/test_init # Create an Ubuntu 23.10 around it echo "Creating Ubuntu target OS" debootstrap --variant=minbase\ --include=udev,kmod,initramfs-tools,systemd,netcat-openbsd,linux-image-generic \ --exclude=man,bash-completion \ noble ./target > /dev/null || exit 1 # Run the test in 9p forwarded filesystem echo "Running OS in qemu" qemu-system-s390x \ -m 8192 \ -smp 4 \ -nodefaults -nographic -no-reboot -no-user-config \ -kernel ./target/boot/vmlinuz \ -initrd ./target/boot/initrd.img \ -append 'root=fsRoot rw rootfstype=9p rootflags=trans=virtio,version=9p2000.L,msize=512000,cache=mmap,posixacl console=ttysclp0 init=/test_init quiet' \ -fsdev local,security_model=passthrough,multidevs=remap,id=fsdev-fsRoot,path=./target \ -device virtio-9p-pci,id=fsRoot,fsdev=fsdev-fsRoot,mount_tag=fsRoot \ -device virtio-serial-ccw -device sclpconsole,chardev=console \ -chardev stdio,id=console,signal=off ---Debugger--- A debugger is not configured Userspace tool obtained from project website: na Userspace rpm: qemu-(current).deb Userspace tool common name: qemu The userspace tool has the following bit modes: both *Additional Instructions for d.herrendoer...@de.ibm.com: -Post a private note with access information to the machine that the bug is occuring on. -Attach ltrace and strace of userspace application. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2091099/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
