systemd-nspawn: EPERM mounting sysfs inside container

[SEIAROTg]

systemd version the issue has been seen with

253.1, 253.3

Used distribution

NixOS 23.05

Linux kernel version used

5.15.114

CPU architectures issue was seen on

x86_64

Component

systemd-nspawn

Expected behaviour you didn't see

Inside a systemd-nspawn (252.5, which is good) container:

$ ip netns add test
$ ip netns exec test ip a
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
$ mount -t sysfs sysfs /sys

strace on ip netns exec test ip a shows it succeeded in mounting sysfs:

mount("", "/", 0x5620045b885f, MS_REC|MS_SLAVE, NULL) = 0
umount2("/sys", MNT_DETACH)             = -1 EINVAL (Invalid argument)
statfs("/sys", {f_type=TMPFS_MAGIC, f_bsize=4096, f_blocks=1024, f_bfree=1024, f_bavail=1024, f_files=1024, f_ffree=1015, f_fsid={val=[2821066525, 2097802640]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RDONLY|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
mount("test", "/sys", "sysfs", MS_RDONLY, NULL) = 0

Unexpected behaviour you saw

Inside a systemd-nspawn (253.1 or 253.3, which are not good) container:

$ ip netns add test
$ ip netns exec test ip a
mount of /sys failed: Operation not permitted
$ mount -t sysfs sysfs /sys
mount: /sys: permission denied.

strace on ip netns exec test ip a shows it failed at mounting sysfs:

mount("", "/", 0x559c6e10f85f, MS_REC|MS_SLAVE, NULL) = 0
umount2("/sys", MNT_DETACH)             = -1 EINVAL (Invalid argument)
statfs("/sys", {f_type=TMPFS_MAGIC, f_bsize=4096, f_blocks=1024, f_bfree=1024, f_bavail=1024, f_files=1024, f_ffree=1015, f_fsid={val=[2350213845, 934180118]}, f_namelen=255, f_frsize=4096, f_flags=ST_VALID|ST_RDONLY|ST_NOSUID|ST_NODEV|ST_NOEXEC|ST_RELATIME}) = 0
mount("test", "/sys", "sysfs", MS_RDONLY, NULL) = -1 EPERM (Operation not permitted)
write(2, "mount of /sys failed: Operation "..., 46mount of /sys failed: Operation not permitted
) = 46
exit_group(-1)                          = ?
+++ exited with 255 +++

Steps to reproduce the problem

1. Set up a fresh container: debootstrap stable ./container http://deb.debian.org/debian.
2. Boot with systemd-nspawn (253.1): systemd-nspawn -b --private-network --private-users=pick -M container.
3. Inside the container, install iproute2 and execute the commands:

   ip netns add test
   ip netns exec test ip a
   mount -t sysfs sysfs /sys
   

I noticed when strace systemd-nspawn itself that 252.5 uses chroot while 253.1 uses pivot_root, which suggests it might be related to 57c10a5 (cc @brauner).

Additional program output to the terminal or log subsystem illustrating the issue

No response

[brauner]

Please see the details provided in:
https://bugzilla.redhat.com/show_bug.cgi?id=2210335#c10

[SEIAROTg]

Thanks for the quick update!

I feel the situation is slightly different here. Directly inside the unprivileged container I have no problem mounting proc but mounting sysfs results in EPERM. Bug 2210335 seems to be about that proc cannot be mounted in another namespace created inside the unprivileged container.

[brauner]

I think the issue is that systemd-nspawn doesn't actually mount sysfs itself in the container, only subdirectories of sysfs are bind-mounted:

├─/sys                                tmpfs                                             tmpfs   ro,nosuid,nodev,noexec,relatime,size=4096k,nr_inodes=1024,mode=555,uid=1194065920,gid=1194065920
│ ├─/sys/fs/cgroup                    cgroup                                            cgroup2 rw,nosuid,nodev,noexec,relatime,favordynmods
│ ├─/sys/block                        sysfs[/block]                                     sysfs   ro,nosuid,nodev,noexec,relatime
│ ├─/sys/bus                          sysfs[/bus]                                       sysfs   ro,nosuid,nodev,noexec,relatime
│ ├─/sys/class                        sysfs[/class]                                     sysfs   ro,nosuid,nodev,noexec,relatime
│ ├─/sys/dev                          sysfs[/dev]                                       sysfs   ro,nosuid,nodev,noexec,relatime
│ ├─/sys/devices                      sysfs[/devices]                                   sysfs   ro,nosuid,nodev,noexec,relatime
│ └─/sys/kernel                       sysfs[/kernel]                                    sysfs   ro,nosuid,nodev,noexec,relatime

So it's the same problem just a slightly different shade of grey. Solution would be to change systemd-nspawn to expose a full sysfs to the container.

Btw, the protection mechanism that this was supposed for systemd-nspawn before my changes didn't work because even if you only exposed parts of sysfs to the container the container was still able to mount a full sysfs.

[poettering]

as discussed on the video call, i figure we should drop the /sys tmpfs thing entirely, and just accept sysfs as the one thing to mount as it is.

long term goal would then be that sysfs gets a mount option that allows suppressing some subtrees

[EBADBEEF]

If anyone else stumbles here, my workaround is to tell systemd-nspawn to bind mount /proc and /sys from the host into the guest. I added these options to the systemd-nspawn command:

--bind=/proc:/run/proc
--bind=/sys:/run/sys

This seems like this might be a dup of #25909 (the symptom matches, but not the explanation).

Without a full view of /proc and /sys, nested containers won't work (docker, lxd, systemd-nspawn, bubblewrap, unshare).

For search help, here are the errors I get:

# docker run -ti docker.io/library/alpine:latest
docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "sysfs" to rootfs at "/sys": mount sysfs:/sys (via /proc/self/fd/7), flags: 0xf: operation not permitted: unknown.

# bwrap --unshare-all --proc /proc --bind / / ls /
bwrap: Can't mount proc on /newroot/proc: Operation not permitted

# lxc launch images:alpine/edge test
Creating test
Starting test
Error: Failed to run: lxd forkstart test /var/lib/lxd/containers /var/log/lxd/test/lxc.conf: exit status 1
Try `lxc info --show-log local:test` for more info
... (from lxd info command) ...
lxc test 20230903044108.836 ERROR    utils - utils.c:safe_mount:1218 - Operation not permitted - Failed to mount "sysfs" onto "/var/lib/lxc/rootfs/sys"

[Jip-Hop]

Btw, the protection mechanism that this was supposed for systemd-nspawn before my changes didn't work because even if you only exposed parts of sysfs to the container the container was still able to mount a full sysfs.

How would I go about doing this?

I'm trying to install lxd as snap in an ubuntu machine running with systemd-nspawn. But lxd won't install, probably due to the apparmor service not starting because /sys/kernel/security is empty.

root@ubuntu2:~# systemctl status apparmor
○ apparmor.service - Load AppArmor profiles
     Loaded: loaded (/lib/systemd/system/apparmor.service; enabled; vendor preset: enabled)
     Active: inactive (dead)
     Assert: start assertion failed at Sat 2024-01-27 06:20:44 CET; 2s ago
             AssertPathIsReadWrite=/sys/kernel/security/apparmor/.load was not met
       Docs: man:apparmor(7)
             https://gitlab.com/apparmor/apparmor/wikis/home/

Jan 27 06:20:44 ubuntu2 systemd[1]: apparmor.service: Starting requested but asserts failed.
Jan 27 06:20:44 ubuntu2 systemd[1]: Assertion failed for Load AppArmor profiles.
root@ubuntu2:~# ls -la /sys/kernel/security/apparmor/
ls: cannot access '/sys/kernel/security/apparmor/': No such file or directory
root@ubuntu2:~# ls -la /sys/kernel/security/
total 0
dr-xr-xr-x  2 root root 0 Jan 27 06:00 .
drwxr-xr-x 17 root root 0 Jan 27 06:00 ..

I start the machine like this:

systemd-run --property=KillMode=mixed --property=Type=notify --property=RestartForceExitStatus=133 \
--property=SuccessExitStatus=133 --property=Delegate=yes --property=TasksMax=infinity --collect \
--setenv=SYSTEMD_NSPAWN_LOCK=0 --unit=jlmkr-ubuntu2 --working-directory=./jails/ubuntu2 \
--setenv=SYSTEMD_SECCOMP=0 --property=DevicePolicy=auto \
-- \
systemd-nspawn --keep-unit --quiet --boot --machine=ubuntu2 --bind-ro=/sys/module \
--directory=rootfs --capability=all --network-bridge=br1 --resolv-conf=bind-host --bind=/dev/fuse \
--bind=/dev/kvm --bind=/dev/vsock --bind=/dev/vhost-vsock --bind=/proc:/run/proc --bind=/sys:/run/sys

Error when installing lxd:

error: cannot perform the following tasks:
- Run install hook of "lxd" snap if present (run hook "install": 
-----
missing profile snap-update-ns.lxd.
Please make sure that the snapd.apparmor service is enabled and started
snap-update-ns failed with code 1
-----)

[Padam87]

Thank you @EBADBEEF, this seems to work for us.

[LaKing]

When starting docker services on a systemd-nspawn container running on a Fedora host, the error message from the docker daemon is

Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "sysfs" to rootfs at "/sys": mount sysfs:/sys (via /proc/self/fd/6), flags: 0xf: operation not permitted: unknown

This came as surprise after an update.

Mounting sys and proc to the container resolved the issue for now, I'm just not confident over the security implications, and overall system stability.

[outis151]

Docker works for me without bind-mounting /proc, only /sys. Don't know about /sys, but mounting /proc seems to me like a security concern. If nothing else, it exposes a lot of information about the host system.
(Docker 27.5.1, systemd 257.2)

[lkraav]

Docker works for me without bind-mounting /proc, only /sys.

After enabling SystemCallFilter=@keyring bpf, Docker 28.0.1, systemd 256.7 combo still fails 😢

$ docker start node-16
Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "proc" to rootfs at "/proc": mount src=proc, dst=/proc, dstFd=/proc/thread-self/fd/9, flags=0xe: operation not permitted
Error: failed to start containers: node-16