Chrome OS 83 breaks nix sandboxing

I’m using Nix with nix-daemon enabled on a chromebook using Crostini, which essentially puts me in a Debian Buster LXD container. This worked great in ChromeOS 81, but version 83 appears to break sandboxing:

$ nix-build
these derivations will be built:
  /nix/store/0i9mr5fyjpivpgp05d3v0d3zwqwp8sy1-elm-app-0.1.0.drv
error: while setting up the build environment: mounting /proc: Operation not permitted

If I run nix-build as root with --option sandbox false it works, but that’s far from ideal. I’m not intimately familiar with the crostini/crosvm security features, nor with Nix’s current sandboxing setup, so I’m hoping someone else knows what the story is here. Any clues?

1 Like

I hit the same thing. My own use of user namespaces on Crostini broke in ChromeOS 83. I reported it here:

https://bugs.chromium.org/p/chromium/issues/detail?id=1087937

The specific problem is that attempting to mount /proc in a user namespace fails with EPERM. The simple reproduction path is:

$ unshare -Upf --mount-proc
unshare: mount /proc failed: Operation not permitted

I’ll cross-link that bug report here. The only workaround I could find was to run my sandboxes as root without user namespace isolation (but at least I get the pid/mount/net isolation…)

-Ken

It looks like the Flatpak folks hit the same thing. See: https://www.reddit.com/r/Crostini/comments/gfi45d/flatpak_broken_on_m83beta_830410342/

So I have a bit more understanding and a workaround. The understanding is that the kernel is refusing to mount /proc because in the parent mount namespace, /proc is partly covered by a bunch of new lxcfs mounts, and the kernel is afraid of exposing parts of /proc that the user is not intended to see. The workaround is to unmount those mounts that are under /proc:

kduda@penguin:~$ unshare -Upf --mount-proc
unshare: mount /proc failed: Operation not permitted
kduda@penguin:~$ sudo umount /proc/{cpuinfo,diskstats,meminfo,stat,uptime}
kduda@penguin:~$ unshare -Upf --mount-proc
nobody@penguin:~$ echo $$
1
nobody@penguin:~$ ls -d /proc/[0-9]*
/proc/1
nobody@penguin:~$

I don’t know if this workaround is a good idea. I’m not sure what the lxcfs mounts are for. But, I do expect that if you unmount all of the lxcfs mounts under /proc, then nix sandboxing will work again for you.

-Ken

1 Like
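As an added example (not code from any poster in this thread), the following POSIX shell script turns Ken's diagnosis into a check you can run before deciding whether a user-namespace sandbox (nix-build with sandbox enabled, `unshare --mount-proc`, Flatpak's bubblewrap) is expected to fail on a host. It parses `/proc/self/mountinfo` (format per proc(5)) and lists every mount that sits underneath `/proc` but is not procfs itself; on Crostini after Chrome OS 83 those are the lxcfs FUSE files over `/proc/cpuinfo` and friends. The sample mountinfo embedded in `sample_mountinfo` is constructed to resemble such a container and is only there so the script runs offline; `proc_overmounts` and `proc_overmount_count` are names chosen here, not tools on the system.

```shell
#!/bin/sh
# Added example: detect non-procfs mounts under /proc ("overmounts").
# The kernel refuses a fresh procfs mount inside an unprivileged user
# namespace when the existing /proc in that namespace is not "fully
# visible", i.e. when locked child mounts cover parts of it. lxcfs files
# mounted over /proc/cpuinfo, /proc/meminfo, ... are exactly that case.
#
# mountinfo fields (proc(5)): 1 id, 2 parent id, 3 major:minor, 4 root,
# 5 mount point, 6 per-mount options, 7.. optional fields terminated by
# a lone "-", then fstype, source, super options.

# Print "mountpoint (fstype)" for each mount below /proc that is not procfs.
# Argument: a mountinfo file (default /proc/self/mountinfo), or "-" for stdin.
proc_overmounts() {
    _file="${1:-/proc/self/mountinfo}"
    if [ "$_file" = "-" ]; then cat; else cat "$_file"; fi | awk '
        {
            # The filesystem type is the field right after the "-" separator.
            fstype = ""
            for (i = 7; i <= NF; i++) if ($i == "-") { fstype = $(i + 1); break }
            mp = $5
            # A submount of /proc (not /proc itself) with a different fs type.
            if (index(mp, "/proc/") == 1 && fstype != "proc")
                print mp " (" fstype ")"
        }'
}

# Number of such overmounts; non-zero means user-namespace /proc mounts
# (and therefore nix sandboxing) are likely to fail with EPERM.
proc_overmount_count() {
    proc_overmounts "$1" | wc -l | tr -d ' '
}

# Constructed sample resembling a Crostini container after lxcfs has
# overmounted five files under /proc. Not captured from a real machine.
sample_mountinfo() {
    cat <<'EOF'
21 0 0:20 / / rw,relatime - ext4 /dev/vdb rw
22 21 0:21 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
23 21 0:22 / /sys rw,nosuid,nodev,noexec,relatime - sysfs sysfs rw
24 22 0:23 /proc/cpuinfo /proc/cpuinfo rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
25 22 0:23 /proc/diskstats /proc/diskstats rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
26 22 0:23 /proc/meminfo /proc/meminfo rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
27 22 0:23 /proc/stat /proc/stat rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
28 22 0:23 /proc/uptime /proc/uptime rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
EOF
}

# Demonstration on the constructed sample; replace "-" with nothing to
# inspect the running host instead.
echo "Overmounts under /proc in the sample:"
sample_mountinfo | proc_overmounts -
echo "Count: $(sample_mountinfo | proc_overmount_count -)"
```

Run it without arguments (`proc_overmounts` with no file) on a real Crostini container to see the same five lxcfs entries the `sudo umount` line in the post removes; an empty list means the EPERM is coming from something else. Note that the kernel only objects to overmounts covering files or non-empty directories, so a `binfmt_misc` mount on the (permanently empty) `/proc/sys/fs/binfmt_misc` directory would show up in this list without actually blocking the namespace mount.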