This repository was archived by the owner on May 12, 2021. It is now read-only.

Root user can't have write access in Kata android container #1748

@zhiminghufighting

Description of problem

After launching an Android container based on Kata, the root user can't write/create a file even though the file owner is root with "drwxr-x--x" access rights.

Expected result

The root user has access rights to files whose owner is root.

Actual result

  1. Enter the Android container:
    31bc2e1d785a:/ # ls
    acct init.environ.rc property_contexts
    android-entry init.houdini.rc root
    bugreports init.logs.rc sbin
    cache init.multidroid.rc sdcard
    charger init.multidroid_cloud.rc seapp_contexts
    config init.multidroid_cloud.usb.rc selinux_version
    d init.rc sepolicy
    data init.usb.configfs.rc service_contexts
    default.prop init.usb.rc storage
    dev init.zygote32.rc sys
    etc init.zygote64_32.rc system
    file_contexts.bin ipc ueventd.multidroid_cloud.rc
    fstab.multidroid_cloud mnt ueventd.rc
    init oem vendor
    init.crashlogd.rc proc
    31bc2e1d785a:/ #

  2. List the owner/group/other access rights with "ls -l":
    31bc2e1d785a:/ # ls -l
    total 6136
    drwxr-xr-x 1 root root 17 2019-05-29 13:42 acct
    -rwxr-xr-x 1 root root 1266408 2018-11-15 07:24 android-entry
    lrwxrwxrwx 1 root root 50 2018-11-15 07:24 bugreports -> /data/user_de/0/com.android.shell/files/bugreports
    drwxr-xr-x 2 root root 6 2018-11-15 07:24 cache
    lrwxrwxrwx 1 root root 13 2018-11-15 07:24 charger -> /sbin/healthd
    drwxr-xr-x 2 root root 6 2018-11-15 07:24 config
    lrwxrwxrwx 1 root root 17 2018-11-15 07:24 d -> /sys/kernel/debug
    drwxr-x--x 34 root root 4096 2019-05-29 09:13 data
    -rw-r--r-- 1 root root 1160 2018-11-15 07:24 default.prop
    drwxr-xr-x 15 root root 2980 2019-05-29 13:42 dev
    drwxr-xr-x 1 root root 66 2019-05-29 13:42 etc
    -rw-r--r-- 1 root root 77090 2018-11-15 07:24 file_contexts.bin
    -rw-r--r-- 1 root root 113 2018-11-15 07:24 fstab.multidroid_cloud
    -rwxr-xr-x 1 root root 1468488 2018-11-15 07:24 init
    -rw-r--r-- 1 root root 647 2018-11-15 07:24 init.crashlogd.rc
    -rw-r--r-- 1 root root 887 2018-11-15 07:24 init.environ.rc
    -rw-r--r-- 1 root root 541 2018-11-15 07:24 init.houdini.rc
    -rw-r--r-- 1 root root 1557 2018-11-15 07:24 init.logs.rc
    -rwxr-xr-x 1 root root 1506 2018-11-15 07:24 init.multidroid.rc
    -rwxr-xr-x 1 root root 71 2018-11-15 07:24 init.multidroid_cloud.rc
    -rw-r--r-- 1 root root 4106 2018-11-15 07:24 init.multidroid_cloud.usb.rc
    -rwxr-xr-x 1 root root 27158 2018-11-15 07:24 init.rc
    -rw-r--r-- 1 root root 9283 2018-11-15 07:24 init.usb.configfs.rc
    -rwxr-xr-x 1 root root 5715 2018-11-15 07:24 init.usb.rc
    -rw-r--r-- 1 root root 411 2018-11-15 07:24 init.zygote32.rc
    -rw-r--r-- 1 root root 684 2018-11-15 07:24 init.zygote64_32.rc
    drwxr-xr-x 3 root root 20 2019-05-29 09:12 ipc
    drwxr-xr-x 10 root system 220 2019-05-29 13:42 mnt
    drwxr-xr-x 2 root root 6 2018-11-15 07:24 oem
    dr-xr-xr-x 84 root root 0 2019-05-29 13:42 proc
    -rw-r--r-- 1 root root 4745 2018-11-15 07:24 property_contexts
    drwxr-xr-x 2 root root 6 2018-11-15 07:24 root
    drwxr-xr-x 2 root root 65 2018-11-15 07:24 sbin
    lrwxrwxrwx 1 root root 21 2018-11-15 07:24 sdcard -> /storage/self/primary
    -rw-r--r-- 1 root root 758 2018-11-15 07:24 seapp_contexts
    -rw-r--r-- 1 root root 71 2018-11-15 07:24 selinux_version
    -rw-r--r-- 1 root root 178142 2018-11-15 07:24 sepolicy
    -rw-r--r-- 1 root root 11162 2018-11-15 07:24 service_contexts
    drwxr-xr-x 3 root root 60 2019-05-29 13:42 storage
    dr-xr-xr-x 11 root root 0 2019-05-29 13:42 sys
    drwxr-xr-x 17 root root 224 2018-11-15 07:24 system
    -rw-r--r-- 1 root root 272 2018-11-15 07:24 ueventd.multidroid_cloud.rc
    -rwxr-xr-x 1 root root 4853 2018-11-15 07:24 ueventd.rc
    lrwxrwxrwx 1 root root 14 2018-11-15 07:24 vendor -> /system/vendor

  3. Try to modify a file; it reports the error "sh: can't create test.txt: Read-only file system":
    31bc2e1d785a:/data # ls
    adb app-private drm misc_ce security user
    anr backup local misc_de ss user_de
    app bootchart lost+found ota system
    app-asec cache media ota_package system_ce
    app-ephemeral dalvik-cache mediadrm property system_de
    app-lib data misc resource-cache tombstones
    31bc2e1d785a:/data # echo 111 > test.txt
    sh: can't create test.txt: Read-only file system
    1|31bc2e1d785a:/data #
    1|31bc2e1d785a:/data # ls -l
    total 24
    drwx------ 2 root root 6 2019-05-29 09:13 adb
    drwxrwxr-x 2 root root 52 2019-05-29 09:13 anr
    drwxrwx--x 4 root root 63 2019-05-29 09:13 app
    drwx------ 2 root root 6 2019-05-29 09:13 app-asec
    drwxrwx--x 2 root root 6 2019-05-29 09:12 app-ephemeral
    drwxrwx--x 2 root root 6 2019-05-29 09:13 app-lib
    drwxrwx--x 2 root root 6 2019-05-29 09:13 app-private
    drwx------ 3 root root 62 2019-05-29 09:12 backup
    drwxr-xr-x 2 root root 6 2019-05-29 09:13 bootchart
    drwxrwx--- 5 root root 56 2019-05-29 09:13 cache
    drwxrwx--x 4 root root 31 2019-05-29 09:12 dalvik-cache
    drwxr-x--x 59 root root 4096 2019-05-29 09:13 data
    drwxrwx--- 2 root root 6 2019-05-29 09:13 drm
    drwxr-x--x 3 root root 17 2019-05-29 09:12 local
    drwxrwx--- 2 root root 6 2019-05-29 09:12 lost+found
    drwxrwx--- 4 root root 26 2019-05-29 09:13 media
    drwxrwx--- 2 root root 6 2019-05-29 09:13 mediadrm
    drwxrwx--x 30 root root 4096 2019-05-29 09:13 misc
    drwxrwx--x 3 root root 15 2019-05-29 09:13 misc_ce
    drwxrwx--x 3 root root 15 2019-05-29 09:13 misc_de
    drwxrwx--x 2 root root 6 2019-05-29 09:12 ota
    drwxrwx--- 2 root root 6 2019-05-29 09:13 ota_package
    drwx------ 2 root root 241 2019-05-29 09:13 property
    drwxrwx--x 2 root root 6 2019-05-29 09:13 resource-cache
    drwx--x--x 2 root root 6 2019-05-29 09:13 security
    drwx------ 2 root root 6 2019-05-29 09:13 ss
    drwxrwxr-x 14 root root 4096 2019-05-29 09:12 system
    drwxrwx--- 3 root root 15 2019-05-29 09:13 system_ce
    drwxrwx--- 3 root root 15 2019-05-29 09:12 system_de
    drwxrwxr-x 2 root root 206 2019-05-29 09:12 tombstones
    drwx--x--x 2 root root 6 2019-05-29 09:12 user
    drwx--x--x 3 root root 15 2019-05-29 09:12 user_de

By the way, if I run the same Android container image based on runc, or run another Linux container image based on Kata, there is no such access issue.
I am not sure whether this is related to 9pfs being shared ro or to building the container rootfs changing it into read-only mode.
I will check and verify this issue by code debugging.

Kata version: 1.7.0
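
An added example, not part of the original report or of Kata's code: "Read-only file system" is EROFS, which comes from the flags of the mount covering the path rather than from the "drwxr-x--x" mode bits, so the first check is which mount backs `/data/test.txt` and whether it is `ro`. The function name `mount_for_path` and the sample mount table (including the `shared_tag` source) are constructed for illustration.

```shell
#!/bin/sh
# mount_for_path PATH  (mount table in /proc/mounts format on stdin)
# Prints "<mountpoint> <fstype> <ro|rw>" for the mount that covers PATH.
# Inside the container: mount_for_path /data/test.txt < /proc/mounts
mount_for_path() {
    target=$1
    best="" best_type="" best_mode=""
    while read -r _dev mnt fstype opts _rest; do
        # "/" covers everything; other mount points need a "/" boundary
        # so that /data/media does not claim /data/mediafoo.
        case "$mnt" in
            /) prefix="" ;;
            *) prefix=$mnt ;;
        esac
        case "$target" in
            "$mnt"|"$prefix"/*) ;;
            *) continue ;;
        esac
        # Longest mount point wins; on a tie the later line is mounted on top.
        if [ "${#mnt}" -ge "${#best}" ]; then
            best=$mnt
            best_type=$fstype
            case ",$opts," in
                *,ro,*) best_mode=ro ;;
                *)      best_mode=rw ;;
            esac
        fi
    done
    [ -n "$best" ] || return 1
    echo "$best $best_type $best_mode"
}

# Constructed sample mount table (not captured from the reported system).
sample_mounts() {
    cat <<'EOF'
shared_tag / 9p ro,relatime,trans=virtio 0 0
tmpfs /dev tmpfs rw,nosuid 0 0
proc /proc proc rw,relatime 0 0
/dev/vdb /data/media ext4 rw,relatime 0 0
EOF
}

# Demo on the constructed table: /data/test.txt falls on the read-only root.
sample_mounts | mount_for_path /data/test.txt
```

A result of `ro` on a `9p` root would point at how the rootfs is shared into the guest; `rw` would mean the cause lies elsewhere.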
