Bug 160680
Summary: | df command fails for non-root user when caching nameserver installed | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | John Horne <john.horne> |
Component: | coreutils | Assignee: | Tim Waugh <twaugh> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | jvdias |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-06-22 17:22:01 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
John Horne
2005-06-16 16:31:45 UTC
There is definitely some weird behaviour from coreutils' "df" going on here. With named running from a chroot (bind-chroot package installed, "service named start" run): If, as root, you do: # chmod o+rx /var/named /var/named/chroot /var/named/chroot/proc And then, as a non-root user: $ df df completes normally without any errors, but DOES NOT DISPLAY ANYTHING about /proc mounts. But if you leave the /var/named{/,/chroot,/chroot/proc} directories with their default permissions as on clean install: # chmod o-rx /var/named{/,/chroot,/chroot/proc} And then as a non-root user do: $ df df emits these error messages and EXITS WITH '1' exit status: df: `/proc/sys/fs/binfmt_misc': permission denied df: `/var/named/chroot/proc:' permission denied There are several df problems here: 1. If df does not display anything about procfs mounts to a non-root user when the permission of /var/named/chroot/proc allows read/search by "other", then it should not display anything about procfs mounts if this permission is not granted. 2. When the permission of /var/named/chroot/proc does not allow read/search by other, why does df complain about lack of permissions for /proc/sys/fs/binfmt_misc ? 3. df should not be exiting with a failure exit status if it does not have read+search permission for a procfs mount point, as if it had such permission, it would report nothing about procfs mount points. The temporary workaround for this bug is to do: # chmod o+rx /var/named/{/,chroot/,chroot/proc} which somewhat reduces the security afforded by the bind-chroot environment. Note that the extra bind-chroot security is made redundant by the named SELinux security policy: if you have SELinux enabled, then you should do # rpm -e bind-chroot and the named SELinux policy would provide more security than the bind-chroot environment did, and this problem would not occur. But I think the df problems above should be fixed . Two points here: 1) I get no errors about binfmt_misc, only the /var/named/chroot entry. However! Having used your workaround, 'df' worked fine. Setting the /var/named{/,chroot/,chroot/proc} permissions back again to their original values, I now get an error: df -k Filesystem 1K-blocks Used Available Use% Mounted on /dev/md2 8955432 6239508 2253668 74% / /dev/md0 100890 15382 80299 17% /boot /dev/shm 257312 0 257312 0% /dev/shm df: `/proc/sys/fs/binfmt_misc': Permission denied df: `/var/named/chroot/proc': Permission denied The /var/named/chroot/proc is a link to /proc so should be set to mode 555 (I think!). The problem is /var/named and /var/named/chroot, not the /var/named/chroot/proc (or /proc) directories. 2) An interesting point about not needing bind-chroot because of SElinux. It would seem best (for us) to remove the bind-chroot if SElinux provides the same security. The /var/named/chroot/proc is not a link, or should not be - nothing in the BIND scripts makes it into a link - it cannot be a symbolic link as it would not resolve under a chroot, nor can it be a hardlink as /var is often on a different partition to / - the proc filesystem must be mounted there. BIND can get some sysconf(3) parameters and interface lists wrong if the proc fs is not mounted under the /proc in the root in which it runs. Yes, having SELinux Enabled and Enforcing is more secure than the bind-chroot environment . Just to clarify, here are the anomalous effects of different modes on df(1) behavior: [ root # ] ls -ld /var/named{/,/chroot{/,/proc}} drwxr-x--- 3 root named 1024 May 25 18:54 /var/named/ drwxr-x--- 5 root named 1024 May 25 18:55 /var/named/chroot/ dr-xr-xr-x 114 root root 0 Jun 17 10:13 /var/named/chroot/proc [ user $ ] df -kl Filesystem 1K-blocks Used Available Use% Mounted on /dev/hda8 507588 358708 122674 75% / /dev/hda1 128357 10544 111186 9% /boot none 257380 0 257380 0% /dev/shm /dev/hda11 9422000 5406124 3537256 61% /home /dev/hda6 2063160 34496 1923860 2% /tmp /dev/hda9 8256888 5753492 2083972 74% /usr /dev/hda10 4128320 2629228 1289332 68% /usr/src /dev/hda7 507588 297221 184161 62% /var df: `/var/named/chroot/proc': Permission denied [ user $ ] echo $? 1 [ root # ] chmod go+rx /var/named{/,/chroot{/,/proc}} [ root # ] ls -ld /var/named{/,/chroot{/,/proc}} drwxr-xr-x 3 root named 1024 May 25 18:54 /var/named/ drwxr-xr-x 5 root named 1024 May 25 18:55 /var/named/chroot/ dr-xr-xr-x 115 root root 0 Jun 17 10:13 /var/named/chroot/proc [ user $ ] df -kl Filesystem 1K-blocks Used Available Use% Mounted on /dev/hda8 507588 358708 122674 75% / /dev/hda1 128357 10544 111186 9% /boot none 257380 0 257380 0% /dev/shm /dev/hda11 9422000 5406124 3537256 61% /home /dev/hda6 2063160 34496 1923860 2% /tmp /dev/hda9 8256888 5753492 2083972 74% /usr /dev/hda10 4128320 2629228 1289332 68% /usr/src /dev/hda7 507588 297227 184155 62% /var [ user $ ] echo $? 0 [ root # ] chmod go-rx /var/named{/,/chroot{/,/proc}} [ root # ] ls -l /var/named{/,/chroot{/,/proc}} drwx------ 3 root named 1024 May 25 18:54 /var/named/ drwx------ 5 root named 1024 May 25 18:55 /var/named/chroot/ dr-x------ 114 root root 0 Jun 17 10:13 /var/named/chroot/proc [ user $ ] df -kl Filesystem 1K-blocks Used Available Use% Mounted on /dev/hda8 507588 358708 122674 75% / /dev/hda1 128357 10544 111186 9% /boot none 257380 0 257380 0% /dev/shm /dev/hda11 9422000 5406124 3537256 61% /home /dev/hda6 2063160 34496 1923860 2% /tmp /dev/hda9 8256888 5753492 2083972 74% /usr /dev/hda10 4128320 2629228 1289332 68% /usr/src /dev/hda7 507588 297227 184155 62% /var df: `/proc/sys/fs/binfmt_misc': Permission denied df: `/var/named/chroot/proc': Permission denied [ user $ ] echo $? 1 df(1) should really not be returning failure if it does not have permission to find out about a mount-point that it would display no information about if it had such permission. Also the effect of complaining about /proc/sys/fs/binfmt_misc if df has no permission for /var/named/chroot/proc is very weird. I am a bit confused about what the /var/named/chroot/proc is then. In my case I can see: [root@jhorne proc]# ls -ldi /proc /var/named/chroot/proc 1 dr-xr-xr-x 161 root root 0 Jun 17 11:13 /proc 1 dr-xr-xr-x 161 root root 0 Jun 17 11:13 /var/named/chroot/proc which to me makes them look exactly the same. /var is on the same partition as '/'. I thought the problem with binfmt_misc was caused by the fact that you ran 'chmod go-rx /var/named{/,/chroot{/,/proc}}'. As such I suspect that '/proc' on your system has now been changed from its usual 555 mode. Hence binfmt_misc cannot be read either so causes a problem for 'df'. The /proc and /var/named/chroot/proc are mount points to the same filesystem, which is why they look the same - /var/named/chroot/proc is NOT a link to /proc. The mode of my /proc mountpoint was never changed from 555, because /var/named{/,/chroot{/,/proc}} expands to "/var/named/ /var/named/chroot/ /var/named/proc". I meant: "/var/named/ /var/named/chroot/ /var/named/chroot/proc". Yes, but: [root@jhorne chroot]# ls -ldi /proc /var/named/chroot/proc 1 dr-xr-xr-x 162 root root 0 Jun 17 11:13 /proc 1 dr-xr-xr-x 162 root root 0 Jun 17 11:13 /var/named/chroot/proc chmod go-rx /var/named{/,/chroot{/,/proc}} [root@jhorne chroot]# ls -ldi /proc /var/named/chroot/proc 1 dr-x------ 162 root root 0 Jun 17 11:13 /proc 1 dr-x------ 162 root root 0 Jun 17 11:13 /var/named/chroot/proc chmod go+rx /var/named{/,/chroot{/,/proc}} [root@jhorne chroot]# ls -ldi /proc /var/named/chroot/proc 1 dr-xr-xr-x 162 root root 0 Jun 17 11:13 /proc 1 dr-xr-xr-x 162 root root 0 Jun 17 11:13 /var/named/chroot/proc So the permissions on /proc have changed, and df gives an error about binfmt_misc. df is not in error here. Filesystem statistics are omitted for filesystems where fsu_blocks==0, and this includes procfs. As root, you can run 'df -ah' and see information on the 'hidden' filesystem. The catch is that it only knows that it can omit that filesystem *if* it can statvfs it and find out what fsu_blocks is. Otherwise it may be any filesystem type. FWIW, this pstream patch: http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00273.html looks like it might work around the problem. |