From: Stanislav Kinsbursky <skinsbursky@parallels.com>
To: Jeff Layton <jlayton@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
<viro@zeniv.linux.org.uk>, <serge.hallyn@canonical.com>,
<lucas.demarchi@profusion.mobi>, <rusty@rustcorp.com.au>,
<linux-kernel@vger.kernel.org>, <oleg@redhat.com>,
<bfields@fieldses.org>, <bharrosh@panasas.com>,
<linux-fsdevel@vger.kernel.org>, <akpm@linux-foundation.org>,
<devel@openvz.org>
Subject: Re: [RFC PATCH] fs: call_usermodehelper_root helper introduced
Date: Thu, 23 May 2013 15:58:44 +0400 [thread overview]
Message-ID: <519E0474.5000606@parallels.com> (raw)
In-Reply-To: <20130523075620.21abf79a@tlielax.poochiereds.net>
23.05.2013 15:56, Jeff Layton пишет:
> On Thu, 23 May 2013 15:38:17 +0400
> Stanislav Kinsbursky <skinsbursky@parallels.com> wrote:
>
>> 23.05.2013 15:31, Jeff Layton пишет:
>>> On Thu, 23 May 2013 14:35:53 +0400
>>> Stanislav Kinsbursky <skinsbursky@parallels.com> wrote:
>>>
>>>> 23.05.2013 14:00, Eric W. Biederman пишет:
>>>>> Stanislav Kinsbursky <skinsbursky@parallels.com> writes:
>>>>>
>>>>>> 22.05.2013 21:33, Eric W. Biederman пишет:
>>>>>>> Stanislav Kinsbursky <skinsbursky@parallels.com> writes:
>>>>>>>
>>>>>>>> Usermode helper executes all binaries in global "init" root context. This
>>>>>>>> doesn't allow to call a binary from other root context (for example in a
>>>>>>>> container).
>>>>>>>> Currently, both containerized NFS client and NFS server requires an ability to
>>>>>>>> execute a binary in a container's root context. Root swap can be done in
>>>>>>>> "init" callback, passed by UMH caller.
>>>>>>>> But since we have 2 callers already (and more of them are expected to appear
>>>>>>>> in future) and because set_fs_root() in not exported, it looks reasonable to
>>>>>>>> add one more generic UMH helper to generic fs code.
>>>>>>>> Root path reference must be hold by the caller, since it will be put on UMH
>>>>>>>> thread exit.
>>>>>>>
>>>>>>> Awesome. With this patch as an uprivilieged user I get to pick which
>>>>>>> binary the kernel will execute. At least if nfs and nfsd ever runs in a
>>>>>>> user namespace (something that looks like only matter of time).
>>>>>>>
>>>>>>
>>>>>> Not really. Only by using a kernel module to call the UMH.
>>>>>> And an unprivileged can't load a module as far a I know.
>>>>>> I.e. NFSd, for example, will use unprivileged user's root to perform this call.
>>>>>
>>>>> To help me understand the context which instances of call user mode
>>>>> helper are you expecting to use this facility?
>>>>>
>>>>
>>>> Ok. Here is how the NFSd uses UMH:
>>>> UMH is used on NFSd service to start user-space client tracker daemon
>>>> ("/sbin/nfsdcltarck"), which is used to store some per-client locks data on
>>>> persistent storage.
>>>>
>>>>>>> I think this is a seriously bad idea.
>>>>>>>
>>>>>>> Why can't we do this in userspace with setns as we do with the core dump
>>>>>>> helper?
>>>>>>>
>>>>>>
>>>>>> Could you, please, clarify, how setns can help here?
>>>>>
>>>>> setns can change the mount namespace, and chroot can change to root
>>>>> directory in the specified mount namespace. Essentially you can enter
>>>>> into a containers complete context (pid, mnt, root, etc) comming from
>>>>> the outside.
>>>>>
>>>>
>>>> So, you are actually suggesting to move the binary start from the kernel to user-space.
>>>> IOW, you are suggesting to do not using UMH at all.
>>>> Am I right?
>>>> I don't know the reasons, why it was done by using UMH and not in userspace.
>>>> Could you clarify this, Jeff?
>>>>
>>>
>>> nfsdcltrack is a "one-shot" program for managing and querying the nfsd
>>> client tracking database. When knfsd needs to query or modify the
>>> db, it uses the UMH infrastructure to call this program that does
>>> what's requested and then exits.
>>>
>>> So, I'm not sure I really understand your question. It wasn't done in
>>> userspace since the whole purpose of this program is to handle upcalls
>>> from the kernel.
>>>
>>
>> The question is what was the reason to start this binary from kernel by UMH?
>
> Manipulating and querying the client tracking database is an infrequent
> event, so having a continuously running daemon is wasteful and means
> that the admin has to ensure that it's running. A UMH upcall is much
> simpler and generally "just works" if the program is present.
>
>> I.e. why it can't be started by some user-space process before or after NFSd start?
>> I don't familiar with this client tracking facility and that's the only reason why I'm asking.
>>
>
> This program is not a daemon that runs continuously. It's only called
> when the kernel needs to manipulate the database. Are you asking
> whether we could turn this into a continuously running daemon? If so
> then the answer is "yes", but that's not really a good idea either.
>
> In fact, we had that with the nfsdcld program, but no one liked it
> (including me) for the reasons I detailed above.
>
No, I'm just asking to understand.
Eric was, actually, asking the same. I.e. how does NFSd uses UMH and why this can't be done in userspace?
Thanks you for your answer.
--
Best regards,
Stanislav Kinsbursky
next prev parent reply other threads:[~2013-05-23 11:58 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-22 7:29 [RFC PATCH] fs: call_usermodehelper_root helper introduced Stanislav Kinsbursky
2013-05-22 16:03 ` Oleg Nesterov
2013-05-22 17:33 ` Eric W. Biederman
2013-05-22 18:35 ` Eric W. Biederman
2013-05-22 19:23 ` J. Bruce Fields
2013-05-23 3:37 ` Eric W. Biederman
2013-05-23 19:06 ` J. Bruce Fields
2013-05-23 8:11 ` Stanislav Kinsbursky
2013-05-23 8:07 ` Stanislav Kinsbursky
2013-05-23 8:07 ` Stanislav Kinsbursky
2013-05-23 10:00 ` Eric W. Biederman
2013-05-23 10:35 ` Stanislav Kinsbursky
2013-05-23 11:31 ` Jeff Layton
2013-05-23 11:38 ` Stanislav Kinsbursky
2013-05-23 11:56 ` Jeff Layton
2013-05-23 11:56 ` Jeff Layton
2013-05-23 11:58 ` Stanislav Kinsbursky [this message]
2013-05-23 12:25 ` Boaz Harrosh
2013-05-23 13:05 ` Jeff Layton
2013-05-23 19:55 ` J. Bruce Fields
2013-05-23 20:14 ` J. Bruce Fields
2013-05-23 21:32 ` Eric W. Biederman
2013-05-24 6:04 ` Stanislav Kinsbursky
2013-11-08 11:58 ` Jeff Layton
2013-05-24 5:44 ` Stanislav Kinsbursky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=519E0474.5000606@parallels.com \
--to=skinsbursky@parallels.com \
--cc=akpm@linux-foundation.org \
--cc=bfields@fieldses.org \
--cc=bharrosh@panasas.com \
--cc=devel@openvz.org \
--cc=ebiederm@xmission.com \
--cc=jlayton@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lucas.demarchi@profusion.mobi \
--cc=oleg@redhat.com \
--cc=rusty@rustcorp.com.au \
--cc=serge.hallyn@canonical.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.