[vpsAdminOS] procfs: fake uid_map for Docker v2

Docker detects, whether it runs in an User namespace and when it does, it acts whacky, the code is full of bugs. So let's fake what Docker sees, so it thinks it doesn't run in userns. v2: - fix memleak (exe) - no warn anymore Signed-off-by: Pavel Snajdr <snajpa@snajpa.net>
vpsfreecz · Jun 1, 2024 · fb383dc · fb383dc
1 parent cfd4a79
commit fb383dc
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
@@ -686,6 +686,27 @@ static void *m_start(struct seq_file *seq, loff_t *ppos,
 static void *uid_m_start(struct seq_file *seq, loff_t *ppos)
 {
 	struct user_namespace *ns = seq->private;
+	struct file *exe = get_task_exe_file(current);
+	char buff[1024];
+	char *p = NULL;
+	int pathlen = 0;
+	bool fake = false;
+
+	if (((ns == &init_user_ns) || (ns->parent == &init_user_ns)) &&
+	    (exe)) {
+		p = d_path(&exe->f_path, buff, 1024);
+		pathlen = strnlen(p, 1024);
+
+		if (strncmp(p + pathlen - 11, "bin/dockerd", 11) == 0)
+			fake = true;
+
+	}
+
+	if (exe)
+		fput(exe);
+
+	if (fake)
+		return NULL;
 
 	return m_start(seq, ppos, &ns->uid_map);
 }