amicontained
PID namespace check seems to no longer be valid
Running on an Ubuntu 22 VM with a 5.15 kernel the PID namespace check incorrectly identified that it was in a namespace.
This looks like the check for the device number being greater than 4 is outdated.
Debugging Information
user@claus:~/src/amicontained$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
user@claus:~/src/amicontained$ uname -a
Linux claus 5.15.0-46-generic #49-Ubuntu SMP Thu Aug 4 18:03:25 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
user@claus:~/src/amicontained$ ./amicontained -d
Container Runtime: not-found
Has Namespaces:
pid: true. <--- Unexpected
user: false
//Snipped
user@claus:~/src/amicontained$ stat /proc/1/ns
File: /proc/1/ns
Size: 0 Blocks: 0 IO Block: 1024 directory
Device: 17h/23d Inode: 28440 Links: 2
Access: (0511/dr-x--x--x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2023-04-05 02:33:18.504000164 +0000
Modify: 2023-04-05 02:33:18.504000164 +0000
Change: 2023-04-05 02:33:18.504000164 +0000
Birth: -
Pro-tip: don't file bugs when tired.
This looks like the check needs to be updated to follow the symlink in /proc/1/ns/pid to still be valid for the device number.
e.g.
user@claus:~/src/amicontained$ sudo stat -c '%d' /proc/1/ns/pid
23
user@claus:~/src/amicontained$ sudo stat -L -c '%d' /proc/1/ns/pid
4