Public bug reported:

Hi,
while debugging bug 1764373 I found this (distracting me at first).
But I realized those are two different issues.

So I'm filing the apparmor issue here.

Testcase:
0. get two LXD containers with Bionic
1. create KVM guest with uvtool

When the guest is spawning it tries to open /dev/pts/0 (and similar) for its console.
Here is an strace:
     0.000034 stat("/dev/pts/0", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0 <0.000017>
     0.000052 openat(AT_FDCWD, "/dev/pts/0", O_RDWR|O_NOCTTY) = 11 <0.000019>
     0.000330 ioctl(11, TCGETS, {B38400 opost isig icanon echo ...}) = 0 <0.000105>
     0.000139 ioctl(11, TCGETS, {B38400 opost isig icanon echo ...}) = 0 <0.000010>
     0.000034 ioctl(11, SNDCTL_TMR_CONTINUE or TCSETSF, {B38400 -opost -isig -icanon -echo ...}) = 0 <0.000013>
     0.000037 ioctl(11, TCGETS, {B38400 -opost -isig -icanon -echo ...}) = 0 <0.000010>
     0.000034 ioctl(10, TCGETS, {B38400 -opost -isig -icanon -echo ...}) = 0 <0.000011>
     0.000033 ioctl(10, TIOCGPTN, [0]) = 0 <0.000010>
     0.000033 stat("/dev/pts/0", {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 0), ...}) = 0 <0.000016>
     0.000045 close(11) = 0 <0.000013>

The only Permission denied though (at all) is on /dev/pts/0 with this call:
     0.000055 ioctl(10, TIOCGPTPEER, 0x102) = -1 EACCES (Permission denied) <0.000025>

But this is blocked by Apparmor according to dmesg:
audit: type=1400 audit(1523957176.480:37835): apparmor="DENIED" operation="open" namespace="root//lxd-testkvm-bionic-tononshared_<var-lib-lxd>" profile="libvirt-1c67131a-7177-4f49-9840-f1092310890d" name="/0" pid=8721 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=64055

Now I wonder about two things:
1. it should be allowed as the profile has
    #include <abstractions/consoles>
    And that has:
     /dev/pts/[0-9]* rw,
2. I think it misses parts of the path as it is a mount point
     devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,mode=620,ptmxmode=666,max=1024)

I think apparmor should process this as /dev/pts/0 still and then allow it.

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New
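An added reproducer, not part of the bug report or of qemu/libvirt: it opens the master via /dev/ptmx, asks for the slave with TIOCGPTPEER using the same 0x102 (O_RDWR|O_NOCTTY) flags seen in the strace above, and when that ioctl is refused (EACCES under the denial described) falls back to resolving and opening /dev/pts/N by path, which is what the `/dev/pts/[0-9]* rw,` rule from abstractions/consoles covers. The fallback `#define` for TIOCGPTPEER is an assumption for kernel headers that predate the ioctl.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Older kernel headers lack TIOCGPTPEER; this is its asm-generic value. */
#ifndef TIOCGPTPEER
#define TIOCGPTPEER _IO('T', 0x41)
#endif

enum pty_how { PTY_FAILED = -1, PTY_VIA_TIOCGPTPEER = 0, PTY_VIA_PTSNAME = 1 };
/* Open a pty master and its slave. Try TIOCGPTPEER first (the call the report
 * shows failing with EACCES); if it fails for any reason, fall back to
 * ptsname_r() + open() of /dev/pts/N. *peer_errno records the ioctl error. */
enum pty_how open_pty_pair(int *master, int *slave, int *peer_errno)
{
    char name[64];
    int m = posix_openpt(O_RDWR | O_NOCTTY);   /* opens /dev/ptmx */
    if (m < 0 || grantpt(m) < 0 || unlockpt(m) < 0) {
        if (m >= 0) close(m);
        return PTY_FAILED;
    }
    *peer_errno = 0;
    /* The 0x102 flag argument in the strace is exactly O_RDWR | O_NOCTTY. */
    int s = ioctl(m, TIOCGPTPEER, O_RDWR | O_NOCTTY);
    if (s >= 0) { *master = m; *slave = s; return PTY_VIA_TIOCGPTPEER; }
    *peer_errno = errno;
    if (ptsname_r(m, name, sizeof name) != 0 ||
        (s = open(name, O_RDWR | O_NOCTTY)) < 0) {
        close(m);
        return PTY_FAILED;
    }
    *master = m; *slave = s;
    return PTY_VIA_PTSNAME;
}

int main(void)
{
    int m, s, e;
    enum pty_how how = open_pty_pair(&m, &s, &e);
    if (how == PTY_FAILED) { perror("open_pty_pair"); return 1; }
    printf("slave via %s\n", how == PTY_VIA_TIOCGPTPEER ? "TIOCGPTPEER" : "ptsname()+open()");
    if (e) printf("TIOCGPTPEER failed: %s\n", strerror(e));
    close(s); close(m);
    return 0;
}
```

Run it inside the confined container: a report of "ptsname()+open()" together with "TIOCGPTPEER failed: Permission denied" reproduces the denial without involving qemu, and a matching apparmor="DENIED" line with name="/0" should appear in dmesg at the same time.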

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1764715

Title:
  /dev/pts/0 access detected as /0

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1764715/+subscriptions

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs