Closed
Description
Submission type
- Bug report
- Follow up to nspawn: --private-users mounts /proc owned by 65534:65534, uidshifted root can't access /proc entries #3052
systemd version the issue has been seen with
237
Used distribution
Arch Linux (4.14.24-1-lts)
In case of bug report: Expected behaviour you didn't see
Inside an nspawn container I should be able to read /proc/net/ip_tables_names.
In case of bug report: Unexpected behaviour you saw
/proc/net/ip_tables_names is owned by nobody.
In case of bug report: Steps to reproduce the problem
Try to read /proc/net/ip_tables_names:

    cat /proc/net/ip_tables_names
    cat: /proc/net/ip_tables_names: Permission denied

    ls -la /proc/net/ip_tables_names
    -r--r----- 1 nobody nobody 0 12. Mär 10:22 /proc/net/ip_tables_names
According to https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git/commit/?id=f13f2aeed154da8e48f90b85e720f8ba39b1e881 this should work.
This fix was integrated into kernel 4.5 (https://bugzilla.netfilter.org/show_bug.cgi?id=1064#c3), so I think this should also work in nspawn containers.
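A diagnostic for the symptom described above, added here as an example and not code from the issue or from systemd: inside a user namespace (what --private-users sets up), any kernel uid that falls outside the namespace's uid_map is presented as the overflow uid from /proc/sys/kernel/overflowuid (65534 by default, which maps to "nobody"), which is exactly how a /proc entry ends up listed as nobody:nobody and unreadable. The script parses a uid_map, translates host uids to container uids, and checks whether a path's owner is the overflow uid. The sample uid_map (container uids 0..65535 mapped to host uids starting at 1310720) is a constructed value, not one from the report.

```python
"""Check why a /proc entry inside a uid-shifted container shows up as 'nobody'.

Fact used: a kernel uid that is not covered by the namespace's uid_map is
reported inside the namespace as the overflow uid (default 65534, 'nobody').
"""
import os
from typing import List, Optional, Tuple

OVERFLOWUID_DEFAULT = 65534  # kernel default for /proc/sys/kernel/overflowuid

# Constructed sample (assumed values): one --private-users style range that maps
# container uid 0..65535 onto host uids 1310720..1376255.
SAMPLE_UID_MAP = "         0    1310720      65536\n"

UidRange = Tuple[int, int, int]  # (inside_start, outside_start, count)


def parse_uid_map(text: str) -> List[UidRange]:
    """Parse the '<inside> <outside> <count>' lines of /proc/<pid>/uid_map."""
    ranges: List[UidRange] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        inside, outside, count = (int(f) for f in fields)
        ranges.append((inside, outside, count))
    return ranges


def kuid_to_inside(uid_map: List[UidRange], kuid: int) -> Optional[int]:
    """Translate a host (kernel) uid into the uid seen inside the namespace.

    Returns None when the kuid is outside every mapped range; in that case the
    kernel shows the overflow uid instead of a real owner.
    """
    for inside, outside, count in uid_map:
        if outside <= kuid < outside + count:
            return inside + (kuid - outside)
    return None


def overflowuid() -> int:
    """Read the overflow uid, falling back to the kernel default if unavailable."""
    try:
        with open("/proc/sys/kernel/overflowuid") as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return OVERFLOWUID_DEFAULT


def explain_owner(uid_map: List[UidRange], kuid: int) -> str:
    """Human-readable verdict for a host uid as seen from inside the namespace."""
    inside = kuid_to_inside(uid_map, kuid)
    if inside is None:
        return (f"host uid {kuid} is not in uid_map; it appears as the overflow "
                f"uid ({overflowuid()}, 'nobody') and is not owned by anyone inside")
    return f"host uid {kuid} appears as uid {inside} inside the namespace"


def diagnose_path(path: str) -> dict:
    """Stat a path and report whether its owner is the overflow uid.

    'owner_is_overflow' True reproduces the report's symptom: the entry is
    listed as nobody and the mode bits deny access to everyone but that owner.
    """
    st = os.stat(path)
    return {
        "uid": st.st_uid,
        "gid": st.st_gid,
        "readable": os.access(path, os.R_OK),
        "owner_is_overflow": st.st_uid == overflowuid(),
    }


if __name__ == "__main__":
    # Live use: read this process's own uid_map and check the path from the report.
    try:
        with open("/proc/self/uid_map") as f:
            live_map = parse_uid_map(f.read())
    except OSError:
        live_map = parse_uid_map(SAMPLE_UID_MAP)
    print("uid_map:", live_map)
    print(explain_owner(live_map, 0))  # host root as seen from inside
    target = "/proc/net/ip_tables_names"
    if os.path.exists(target):
        print(target, diagnose_path(target))
```

Run inside the container: if the verdict for the file's owner is "not in uid_map", the permission error is a uid-mapping problem rather than a missing kernel fix, and the remedy lies in how the container's user namespace is set up rather than in the file's mode bits.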