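#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/check_mount_procfs              Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

# Purpose: time a single mount/umount of procfs and, when the kernel spends
# more than half a second of system time on it, switch the jailshell flags
# from "full procfs" to "no procfs fallback".
#
# The change is one-way: once the fallback_none flag exists, the script exits
# before doing any work, so it never re-evaluates or removes that flag.
#
# Review caveats:
#   * The script compiles and executes a helper and calls mount(2), so it is
#     presumably run as root -- confirm against how it is scheduled.
#   * The helper binary and the mountpoint use fixed names under /root and
#     the result of mkdir is not checked, so an entry already present at
#     either path is used as-is. That is only safe while /root is writable
#     by root alone.

use strict;
use warnings;

use Cpanel::TempFile             ();
use Cpanel::FileUtils::Write     ();
use Cpanel::FileUtils::TouchFile ();
use Cpanel::Logger               ();

my $logger = Cpanel::Logger->new();

my $flags_dir          = '/var/cpanel/conf/jail/flags';
my $fallback_none_flag = "$flags_dir/mount_proc_jailed_fallback_none";

# Nothing to do when full procfs mounting has already been disabled.
exit 0 if -e $fallback_none_flag;

my $tf  = Cpanel::TempFile->new();
my $src = $tf->dir() . '/proc_test.c';

# NOTE(review): the binary is built outside the temp dir, presumably because
# temp filesystems may be mounted noexec -- confirm.
my $bin = '/root/.__proc_test_bin';

# Must stay identical to MOUNTPOINT in the C source below; the heredoc is
# deliberately non-interpolating.
my $mountpoint = '/root/.__proc_test';

# The header name after "#include" was missing, which makes the compile fail
# and the whole check a silent no-op. mount(2) and umount(2) are declared in
# <sys/mount.h>.
Cpanel::FileUtils::Write::overwrite_no_exceptions( $src, <<'EOF', 0600 );
#include <sys/mount.h>
#define MOUNTPOINT "/root/.__proc_test"
int main(int argc, char *argv[]){
    mount(0, MOUNTPOINT, "proc", 0, "");
    umount(MOUNTPOINT);
    return 0;
}
EOF

# List-form system: no shell is involved in the compile step.
my $gcc_status = system qw(/usr/bin/gcc -Wall -o), $bin, $src;

if ( $gcc_status == 0 ) {
    mkdir $mountpoint;

    # "time -p" reports real/user/sys on stderr, hence the 2>&1. The command
    # goes through the shell, which is acceptable only because $bin is a
    # constant defined above; do not build this string from external input.
    my $time_output = `/usr/bin/time -p $bin 2>&1` || '';
    my ($sys) = $time_output =~ /sys ([\d.]+)$/m;

    if ( defined($sys) ) {
        if ( $sys > 0.5 ) {
            $logger->warn(
                    'Mounting procfs took more than half a second of system time. '
                  . 'This is a symptom of an outdated kernel. '
                  . 'Disabling full procfs mounting in jailshell. '
                  . 'Please note: If you re-enable full procfs mounting for jailshell '
                  . 'without first updating your kernel, this could lead to extreme system load.'
            );

            system qw(mkdir -p), $flags_dir;

            # Drop both "full" flags before setting the "none" fallback.
            unlink "$flags_dir/mount_proc_full";
            unlink "$flags_dir/mount_proc_jailed_fallback_full";
            Cpanel::FileUtils::TouchFile::touchfile($fallback_none_flag);
        }
    }

    # else fail silently

    # Best-effort cleanup. The helper ignores umount()'s result, so rmdir
    # fails (silently) if procfs is still mounted on the directory.
    rmdir $mountpoint;
    unlink $bin;
}

# else fail silently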