From 559bd4ebdf56258cd10e241c205d6c9f6fea3f8e Mon Sep 17 00:00:00 2001
From: Aleksa Sarai
Date: Tue, 25 Feb 2025 13:46:05 +1100
Subject: [PATCH] libcontainer: rename dmz -> exeseal

The "dmz" name was originally used because the libcontainer/dmz package housed the runc-dmz binary, but since we removed it in commit 871057d863e8 ("drop runc-dmz solution according to overlay solution") the name is an anachronism and we should just give it a more self-explanatory name. So, call it libcontainer/exeseal because the purpose of the package is to provide tools to seal /proc/self/exe against attackers.

Signed-off-by: Aleksa Sarai
---
 contrib/cmd/memfd-bind/memfd-bind.go | 8 ++++----
 libcontainer/container_linux.go | 8 ++++----
 libcontainer/{dmz => exeseal}/cloned_binary_linux.go | 4 ++--
 libcontainer/{dmz => exeseal}/overlayfs_linux.go | 2 +-
 libcontainer/process.go | 2 +-
 tests/integration/run.bats | 4 ++--
 6 files changed, 14 insertions(+), 14 deletions(-)
 rename libcontainer/{dmz => exeseal}/cloned_binary_linux.go (98%)
 rename libcontainer/{dmz => exeseal}/overlayfs_linux.go (99%)

diff --git a/contrib/cmd/memfd-bind/memfd-bind.go b/contrib/cmd/memfd-bind/memfd-bind.go
index e73739f0c..c01aad742 100644
--- a/contrib/cmd/memfd-bind/memfd-bind.go
+++ b/contrib/cmd/memfd-bind/memfd-bind.go
@@ -27,7 +27,7 @@ import (
 	"strings"
 	"time"
 
-	"github.com/opencontainers/runc/libcontainer/dmz"
+	"github.com/opencontainers/runc/libcontainer/exeseal"
 	"github.com/sirupsen/logrus"
 	"github.com/urfave/cli"
 
@@ -101,7 +101,7 @@ func cleanup(path string) error {
 	return nil
 }
 
-// memfdClone is a memfd-only implementation of dmz.CloneBinary.
+// memfdClone is a memfd-only implementation of exeseal.CloneBinary.
 func memfdClone(path string) (*os.File, error) {
 	binFile, err := os.Open(path)
 	if err != nil {
@@ -113,7 +113,7 @@ func memfdClone(path string) (*os.File, error) {
 		return nil, fmt.Errorf("checking %s size: %w", path, err)
 	}
 	size := stat.Size()
-	memfd, sealFn, err := dmz.Memfd("/proc/self/exe")
+	memfd, sealFn, err := exeseal.Memfd("/proc/self/exe")
 	if err != nil {
 		return nil, fmt.Errorf("creating memfd failed: %w", err)
 	}
@@ -126,7 +126,7 @@ func memfdClone(path string) (*os.File, error) {
 	if err := sealFn(&memfd); err != nil {
 		return nil, fmt.Errorf("could not seal fd: %w", err)
 	}
-	if !dmz.IsCloned(memfd) {
+	if !exeseal.IsCloned(memfd) {
 		return nil, fmt.Errorf("cloned memfd is not properly sealed")
 	}
 	return memfd, nil
diff --git a/libcontainer/container_linux.go b/libcontainer/container_linux.go
index 54a0eaafe..95fd86bf8 100644
--- a/libcontainer/container_linux.go
+++ b/libcontainer/container_linux.go
@@ -22,7 +22,7 @@ import (
 
 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/opencontainers/runc/libcontainer/configs"
-	"github.com/opencontainers/runc/libcontainer/dmz"
+	"github.com/opencontainers/runc/libcontainer/exeseal"
 	"github.com/opencontainers/runc/libcontainer/intelrdt"
 	"github.com/opencontainers/runc/libcontainer/system"
 	"github.com/opencontainers/runc/libcontainer/utils"
@@ -496,7 +496,7 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) {
 		exePath string
 		safeExe *os.File
 	)
-	if dmz.IsSelfExeCloned() {
+	if exeseal.IsSelfExeCloned() {
 		// /proc/self/exe is already a cloned binary -- no need to do anything
 		logrus.Debug("skipping binary cloning -- /proc/self/exe is already cloned!")
 		// We don't need to use /proc/thread-self here because the exe mm of a
@@ -505,13 +505,13 @@ func (c *Container) newParentProcess(p *Process) (parentProcess, error) {
 		exePath = "/proc/self/exe"
 	} else {
 		var err error
-		safeExe, err = dmz.CloneSelfExe(c.stateDir)
+		safeExe, err = exeseal.CloneSelfExe(c.stateDir)
 		if err != nil {
 			return nil, fmt.Errorf("unable to create safe /proc/self/exe clone for runc init: %w", err)
 		}
 		exePath = "/proc/self/fd/" + strconv.Itoa(int(safeExe.Fd()))
 		p.clonedExes = append(p.clonedExes, safeExe)
-		logrus.Debug("runc-dmz: using /proc/self/exe clone") // used for tests
+		logrus.Debug("runc exeseal: using /proc/self/exe clone") // used for tests
 	}
 
 	cmd := exec.Command(exePath, "init")
diff --git a/libcontainer/dmz/cloned_binary_linux.go b/libcontainer/exeseal/cloned_binary_linux.go
similarity index 98%
rename from libcontainer/dmz/cloned_binary_linux.go
rename to libcontainer/exeseal/cloned_binary_linux.go
index 1c034e4e6..0c8231ee8 100644
--- a/libcontainer/dmz/cloned_binary_linux.go
+++ b/libcontainer/exeseal/cloned_binary_linux.go
@@ -1,4 +1,4 @@
-package dmz
+package exeseal
 
 import (
 	"errors"
@@ -224,7 +224,7 @@ func CloneSelfExe(tmpDir string) (*os.File, error) {
 	// around ~60% overhead during container startup.
 	overlayFile, err := sealedOverlayfs("/proc/self/exe", tmpDir)
 	if err == nil {
-		logrus.Debug("runc-dmz: using overlayfs for sealed /proc/self/exe") // used for tests
+		logrus.Debug("runc exeseal: using overlayfs for sealed /proc/self/exe") // used for tests
 		return overlayFile, nil
 	}
 	logrus.WithError(err).Debugf("could not use overlayfs for /proc/self/exe sealing -- falling back to making a temporary copy")
diff --git a/libcontainer/dmz/overlayfs_linux.go b/libcontainer/exeseal/overlayfs_linux.go
similarity index 99%
rename from libcontainer/dmz/overlayfs_linux.go
rename to libcontainer/exeseal/overlayfs_linux.go
index b81b70258..f585566b6 100644
--- a/libcontainer/dmz/overlayfs_linux.go
+++ b/libcontainer/exeseal/overlayfs_linux.go
@@ -1,4 +1,4 @@
-package dmz
+package exeseal
 
 import (
 	"fmt"
diff --git a/libcontainer/process.go b/libcontainer/process.go
index 0e24c548e..73cdac9c7 100644
--- a/libcontainer/process.go
+++ b/libcontainer/process.go
@@ -52,7 +52,7 @@ type Process struct {
 	// ExtraFiles specifies additional open files to be inherited by the process.
 	ExtraFiles []*os.File
 
-	// Open handles to cloned binaries -- see dmz.CloneSelfExe for more details.
+	// Open handles to cloned binaries -- see exeseal.CloneSelfExe for more details.
 	clonedExes []*os.File
 
 	// Initial size for the console.
diff --git a/tests/integration/run.bats b/tests/integration/run.bats
index c6e307094..8a96d55c2 100644
--- a/tests/integration/run.bats
+++ b/tests/integration/run.bats
@@ -131,10 +131,10 @@ function teardown() {
 	runc --debug run test_hello
 	[ "$status" -eq 0 ]
 	[[ "$output" = *"Hello World"* ]]
-	[[ "$output" = *"runc-dmz: using /proc/self/exe clone"* ]]
+	[[ "$output" = *"runc exeseal: using /proc/self/exe clone"* ]]
 	# runc will use fsopen("overlay") if it can.
 	if can_fsopen overlay; then
-		[[ "$output" = *"runc-dmz: using overlayfs for sealed /proc/self/exe"* ]]
+		[[ "$output" = *"runc exeseal: using overlayfs for sealed /proc/self/exe"* ]]
 	fi
 }
 