Harden security check in openat2 syscall handler.

When sysbox traps openat2 and lowers security checks on it, ensure it only does
this when the file is in fact on a sysbox-fs (FUSE) mount.

Signed-off-by: Cesar Talledo <cesar.talledo@docker.com>

Author: ctalledo

domain/nsenter.go

@@ -291,11 +291,12 @@ type GidInfoRespPayload struct {
 }
 
 type Openat2SyscallPayload struct {
-	Header  NSenterMsgHeader `json:"header"`
-	Path    string           `json:"path"`
-	Flags   uint64           `json:"flags"`
-	Mode    uint64           `json:"mode"`
-	Resolve uint64           `json:"resolve"`
+	Header           NSenterMsgHeader `json:"header"`
+	Path             string           `json:"path"`
+	Flags            uint64           `json:"flags"`
+	Mode             uint64           `json:"mode"`
+	Resolve          uint64           `json:"resolve"`
+	CheckForSysboxfs bool             `json:"verifyfs"`
 }
 
 type Openat2RespPayload struct {

mount/service.go

@@ -48,13 +48,12 @@ var SysfsMounts = []string{
 	"/sys/module/nf_conntrack/parameters",
 }
 
-// IsSysboxfsMount checks if the given path is at or under a sysbox-fs mount
+// IsSysboxfsMount checks if the given path is at or under a sysbox-fs mount.
+//
+// Note: this is just a simple string prefix check. A check for actual mountpoints
+// is done by the nsenter agent when handling openat2 requests (since it must be
+// done inside the container's mount ns).
 func IsSysboxfsMount(path string) bool {
-
-	// TODO: don't just check by path name; check that the given path is in fact
-	// on a sysbox-fs managed mount. This likely requires dispatching an nsenter
-	// agent to the container's mount ns to perform the check.
-
 	for _, mountPath := range ProcfsMounts {
 		if strings.HasPrefix(path, mountPath+"/") || path == mountPath {
 			return true

nsenter/event.go

@@ -1579,6 +1579,26 @@ func (e *NSenterEvent) processOpenat2SyscallRequest(pipe *os.File) (int, error)
 
 	p := e.ReqMsg.Payload.(domain.Openat2SyscallPayload)
 
+	// If requested, verify that the target file resides on sysbox-fs
+	if p.CheckForSysboxfs {
+		var statfs unix.Statfs_t
+		if err := unix.Statfs(p.Path, &statfs); err != nil {
+			e.ResMsg = &domain.NSenterMessage{
+				Type:    domain.ErrorResponse,
+				Payload: &fuse.IOerror{RcvError: fmt.Errorf("failed to stat filesystem for %s: %v", p.Path, err)},
+			}
+			return -1, nil
+		}
+
+		if statfs.Type != unix.FUSE_SUPER_MAGIC { // sysbox-fs is a FUSE filesystem
+			e.ResMsg = &domain.NSenterMessage{
+				Type:    domain.ErrorResponse,
+				Payload: &fuse.IOerror{RcvError: fmt.Errorf("file %s is not on sysbox-fs", p.Path)},
+			}
+			return -1, nil
+		}
+	}
+
 	// Adjust nsenter personality (uid/gid and capabilities) to match
 	// the original process performing the syscall. This is needed to
 	// ensure proper permission checks when opening the file.

seccomp/openat2.go

@@ -153,10 +153,11 @@ func (si *openat2SyscallInfo) processOpenat2() (*sysResponse, error) {
 				Cwd:          si.cwd,
 				Capabilities: si.caps,
 			},
-			Path:    fullPath,
-			Flags:   cleanFlags,
-			Mode:    si.mode,
-			Resolve: cleanResolve,
+			Path:             fullPath,
+			Flags:            cleanFlags,
+			Mode:             si.mode,
+			Resolve:          cleanResolve,
+			CheckForSysboxfs: true, // ensure the openat2 is opening a sysbox-fs managed file
 		}
 
 		nss := t.service.nss