This repository has been archived by the owner on Aug 15, 2019. It is now read-only.

[rpmlint] lxcfs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib/lxcfs/liblxcfs.so #2

Open
ganto opened this issue Dec 15, 2016 · 3 comments

Comments

@ganto
Owner

ganto commented Dec 15, 2016

When running rpmlint (rpmlint-1.9-3.fc24.noarch) on lxcfs-2.0.5-3.fc24.x86_64.rpm the following error is thrown:

    lxcfs.x86_64: E: missing-call-to-chdir-with-chroot /usr/lib/lxcfs/liblxcfs.so
    This executable appears to call chroot without using chdir to change the
    current directory. This is likely an error and permits an attacker to break
    out of the chroot by using fchdir. While that's not always a security issue,
    this has to be checked.

Examining the source code shows that the issue might be a false positive as chdir() is obviously called. Might be related to rpm-software-management/rpmlint#84. Will need to try again with a newer version of rpmlint.

@ganto
Owner Author

ganto commented Sep 28, 2017

Still the same message with rpmlint-1.10-3.fc25.noarch against lxcfs-2.0.7-1.fc25.x86_64.rpm

@Conan-Kudo

Talk to upstream about it to get clarification.

@ganto
Owner Author

ganto commented Feb 5, 2018

I tried with rpmlint-1.10-5.fc26.noarch against lxcfs-2.0.8-0.1.fc26.x86_64 and still the same issue.

Checking the source code. There is only one call to chroot and that's in lxcfs/bindings.c:chroot_enter():

    if (chroot(".") < 0) {
        lxcfs_error("Call to chroot() failed: %s.\n", strerror(errno));
        return -1;
    }

    if (chdir("/") < 0) {
        lxcfs_error("Failed to change directory: %s.\n", strerror(errno));
        return -1;
    }

It seems the @plt calls which are checked by BinariesCheck.py are missing in the resulting liblxcfs.so shared object and therefore it is hit by the previously mentioned rpm-software-management/rpmlint#84. Although the suggested fix to this bug was merged more than a year ago, it still wasn't part of an official rpmlint release and therefore didn't make it into Fedora yet.

With the "patched" rpmlint the error message is gone.
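
Added example (not part of the issue thread and not rpmlint's own BinariesCheck.py code): a simplified sketch of a chroot/chdir proximity heuristic over objdump-style disassembly, showing why call sites without an `@plt` label leave such a check with nothing to measure. The function names, the `window` of 2 calls, the `inconclusive` verdict and the sample listings are assumptions of this sketch.

```python
import re

CALL_RE = re.compile(r"\bcallq?\s+(.+)$")  # operand of an objdump-style call line


def call_operands(disasm):
    """Return the operand of every call instruction, in listing order."""
    return [m.group(1) for line in disasm.splitlines() if (m := CALL_RE.search(line))]


def check_chroot(imports, disasm, window=2):
    """Classify a binary as 'ok', 'missing-chdir' or 'inconclusive'."""
    if "chroot" not in imports:
        return "ok"
    if "chdir" not in imports:
        return "missing-chdir"
    calls = call_operands(disasm)
    # Match "<name@plt>" with the bracket so fchdir@plt is not taken for chdir@plt.
    chroot_at = [i for i, t in enumerate(calls) if "<chroot@plt>" in t]
    chdir_at = [i for i, t in enumerate(calls) if "<chdir@plt>" in t]
    if not chroot_at:
        # chroot is imported but no labelled call site is visible: the
        # heuristic cannot judge proximity, so it should not report an error.
        return "inconclusive"
    near = any(abs(c - d) <= window for c in chroot_at for d in chdir_at)
    return "ok" if near else "missing-chdir"


# Constructed listings for illustration (not taken from liblxcfs.so).
IMPORTS = {"chroot", "chdir", "fchdir"}
WITH_CHDIR = """\
  11a0: e8 8b fe ff ff      call 1030 <chroot@plt>
  11a5: 85 c0               test %eax,%eax
  11b1: e8 9a fe ff ff      call 1050 <chdir@plt>
"""
WITHOUT_CHDIR = """\
  11a0: e8 8b fe ff ff      call 1030 <chroot@plt>
  11b1: e8 aa fe ff ff      call 1060 <fchdir@plt>
"""
NO_PLT_LABELS = """\
  11a0: ff 15 32 2e 00 00   call *0x2e32(%rip)   # 3fd8 <chroot@GLIBC_2.2.5>
  11b1: ff 15 29 2e 00 00   call *0x2e29(%rip)   # 3fe0 <chdir@GLIBC_2.2.5>
"""

if __name__ == "__main__":
    for name in ("WITH_CHDIR", "WITHOUT_CHDIR", "NO_PLT_LABELS"):
        print(name, "->", check_chroot(IMPORTS, globals()[name]))
```

A check that treats the third listing as "no chdir seen" reports the same error quoted at the top of this issue even though both calls are present.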
