[pve-devel] [PATCH lxcfs v3 10/13] lxc.mount.hook: override env variables from container config

Filip Schauer f.schauer at proxmox.com
Wed Jul 9 14:34:27 CEST 2025


This can still break `/bin/sh` if an OCI image injects a different
`libc.so.6` with $LD_LIBRARY_PATH.

Signed-off-by: Filip Schauer <f.schauer at proxmox.com>
---
Arbitrary code execution is theoretically still possible with a
specially crafted OCI image that provides a shared library and points
$LD_LIBRARY_PATH to its parent directory. Although the code is confined
to the container's namespace, it can still see the host file system.
While this may not pose a significant security risk, it is nonetheless
suboptimal. I am unsure about the best way to fully mitigate this.

Introduced in v3

 .../patches/reset-path-to-host-defaults.patch | 38 +++++++++++++++++++
 debian/patches/series                         |  1 +
 2 files changed, 39 insertions(+)
 create mode 100644 debian/patches/reset-path-to-host-defaults.patch

diff --git a/debian/patches/reset-path-to-host-defaults.patch b/debian/patches/reset-path-to-host-defaults.patch
new file mode 100644
index 0000000..12f150d
--- /dev/null
+++ b/debian/patches/reset-path-to-host-defaults.patch
@@ -0,0 +1,38 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Filip Schauer <f.schauer at proxmox.com>
+Date: Mon, 23 Jun 2025 13:05:35 +0200
+Subject: [PATCH] lxc.mount.hook: override env variables from container
+ config
+
+Without this, if the container config specifies a custom PATH variable
+via lxc.environment that omits /usr/bin or /bin, binaries like
+`readlink` and `mount` may not be found, causing container startup to
+fail.
+
+Fixes startup breakage with images like `ghcr.io/nixos/nix:latest`.
+
+This also mitigates arbitrary code execution during container startup
+before pivot_root (albeit confined in its own namespace) with a
+specially crafted OCI image providing a custom `readlink` or `mount`
+binary and pointing the PATH variable to it.
+
+Signed-off-by: Filip Schauer <f.schauer at proxmox.com>
+---
+ share/lxc.mount.hook.in | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/share/lxc.mount.hook.in b/share/lxc.mount.hook.in
+index 6fd13b0..a25a5ef 100755
+--- a/share/lxc.mount.hook.in
++++ b/share/lxc.mount.hook.in
+@@ -11,6 +11,10 @@ do
+ 	shift
+ done
+ 
++# Set the PATH variable in case it was modified by lxc.environment
++PATH=/usr/bin:/bin
++LD_LIBRARY_PATH=
++
+ # We're dealing with mount entries, so expand any symlink
+ LXC_ROOTFS_MOUNT=$(readlink -f "${LXC_ROOTFS_MOUNT}")
+ 
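Review bot: `PATH=/usr/bin:/bin` and `LD_LIBRARY_PATH=` in share/lxc.mount.hook.in are plain assignments, not exports, so they only reach `readlink`, `mount` and the other child processes if the shell happened to inherit both variables as exported from its environment; use `export PATH=/usr/bin:/bin` and `unset LD_LIBRARY_PATH` so the override is explicit regardless of how the hook was launched, and so the loader sees no variable at all rather than an empty one. The comment above the two lines only mentions PATH, while the subject says "env variables"; it should name LD_LIBRARY_PATH as well. Also, as the text under the `---` already acknowledges, clearing LD_LIBRARY_PATH inside the script comes too late for `/bin/sh` itself, whose libraries were resolved before this line ran, so that part of the problem has to be addressed by the code that execs the hook, not inside the hook.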
diff --git a/debian/patches/series b/debian/patches/series
index bf650b4..f3391c0 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1 +1,2 @@
 do-not-start-without-lxcfs.patch
+reset-path-to-host-defaults.patch
-- 
2.47.2
