vserver

Intro

vserver - allows control of an isolated context within the same Linux kernel.

Description

The vserver syscall is a way to create isolated execution contexts within the same Linux kernel. It provides mechanisms such as users, process groups, or network rules to separate processes and resources, which makes it possible to conserve or maximize system resources depending on their use. Furthermore, each vserver context can have its own root directory and assign access rights to files and folders within it.

The syscall can create and delete vserver contexts, modify their properties, or enter them. It can also list all existing vserver contexts and show their properties. The level of isolation it provides is comparable to virtualization, with the advantage that context switching happens directly in the kernel, without the extra overhead of running a virtual machine.

Arguments

  • cmd:int[K] - Controls the action to perform on the vserver context, such as creating, deleting, entering or modifying it.
  • arg1:char *[U,TOCTOU] - A pointer to a user page containing the data for the operation defined by the cmd argument.
  • size:size_t[K] - The size, in bytes, of the data pointed to by arg1.
  • flags:int[OPT] - Optional flags related to the provided data; they can affect the interaction and output of the command.

Available Tags

  • K - Originated from kernel-space.
  • U - Originated from user space (for example, a pointer to user-space memory used to get it).
  • TOCTOU - Vulnerable to TOCTOU (time of check, time of use).
  • OPT - Optional argument - might not always be available (passed with null value).

Hooks

personality()

Type

Kprobe

Purpose

personality() is hooked when the vserver syscall is used, in order to identify when it is called to change the process execution context.

Example Use Case

One of the most common use cases of the vserver syscall, and one of the reasons why it was designed, is to provide deployment scalability by creating resource-isolated execution contexts. This use case makes it possible to minimize deployment times and maximize resources while running multiple applications that require different configurations on the same machine.

In addition, due to the level of isolation that it provides and the direct interaction with the kernel, it can also be used for security purposes. An example could be an application running in an isolated vserver context for which access rights can be set and traffic monitored by the vserver context.

Issues

Using this syscall is resource-intensive as it requires a lot of resource management that is not always necessary. This can lead to less efficient usage of the system resources.

In addition, there are several security issues related to vserver, as it does not provide hardware-level isolation, which can make it vulnerable to attacks that aim to escape a sandboxed environment.

Finally, the data passed in the arg1 argument should be checked carefully as it is passed from user space and is vulnerable to TOCTOU (time-of-check-time-of-use) attacks.
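The check-then-use problem described for arg1, as an added example that is not part of the Tracee documentation or code. It is a user-space simulation in C: `struct ctx_req`, `MAX_NAME`, the two handler names and the racer callback are all hypothetical, and the callback stands in for a second thread rewriting the buffer between the check and the use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 16

/* Hypothetical layout of the data behind arg1; not a real vserver structure. */
struct ctx_req {
    uint32_t name_len;              /* length claimed by the caller */
    char     name[64];
};

/* Stands in for a second user thread that rewrites the buffer mid-call. */
typedef void (*racer_fn)(struct ctx_req *user);
static void racer_grow_len(struct ctx_req *user) { user->name_len = 48; }

/* Pattern to avoid: validate the user memory, then read it again to use it.
 * Returns the length actually used for the copy, or -1 if rejected. */
int handle_double_fetch(struct ctx_req *user, racer_fn racer, char out[64])
{
    if (user->name_len > MAX_NAME)  /* time of check (fetch #1) */
        return -1;
    if (racer) racer(user);         /* window between check and use */
    uint32_t n = user->name_len;    /* time of use (fetch #2) */
    memcpy(out, user->name, n);     /* n may now exceed MAX_NAME */
    return (int)n;
}

/* Hardened pattern: snapshot once, then check and use only the snapshot. */
int handle_snapshot(struct ctx_req *user, racer_fn racer, char out[64])
{
    struct ctx_req snap;
    memcpy(&snap, user, sizeof snap);   /* single fetch of the user data */
    if (snap.name_len > MAX_NAME)
        return -1;
    if (racer) racer(user);             /* later changes cannot affect snap */
    memcpy(out, snap.name, snap.name_len);
    return (int)snap.name_len;
}

int main(void)
{
    struct ctx_req r = { .name_len = 4, .name = "web1" };  /* constructed input */
    char out[64];
    printf("double fetch used %d bytes\n", handle_double_fetch(&r, racer_grow_len, out));
    r.name_len = 4;
    printf("snapshot used %d bytes\n", handle_snapshot(&r, racer_grow_len, out));
    return 0;
}
```

The same reasoning applies to anything that inspects arg1 from a hook: the bytes read at observation time are only a snapshot and may differ from what the kernel later acts on.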

  • clone() - Clones the process into another one, useful when entering a vserver context.
  • setns() - Changes the process's execution context, used when entering a vserver context.

This document was automatically generated by OpenAI and needs review. It might not be accurate and might contain errors. The authors of Tracee recommend that the user reads the "events.go" source file to understand the events and their arguments better.