[RFC PATCH 0/6] btrfs-progs: build distinct binaries for specific btrfs subcommands

[Axel Burri <axel@tty0.ch>]

This patch allows to build distinct binaries for specific btrfs
subcommands, e.g. "btrfs-subvolume-show" which would be identical to
"btrfs subvolume show".


Motivation:

While btrfs-progs offer the all-inclusive "btrfs" command, it gets
pretty cumbersome to restrict privileges to the subcommands [1].
Common approaches are to either setuid root for "/sbin/btrfs" (which
is not recommended at all), or to write sudo rules for each
subcommand.

Separating the subcommands into distinct binaries makes it easy to set
elevated privileges using capabilities(7) or setuid. A typical use
case where this is needed is when it comes to automated scripts,
e.g. btrbk [2] [3] creating snapshots and send/receive them via ssh.


Description:

Patch 1 adds a template as well as a generator shell script for the
splitted subcommands.

Patch 2 adds the generated subcommand source files.

Patch 3-5 adds a "install-splitcmd-setcap" make target, with different
approaches (either hardcoded in Makefile, or more generically by
including "Makefile.install_setcap" generated by "splitcmd-gen.sh").


Open Questions:

1. "make install-splitcmd-setcap" installs the binaries with hardcoded
group "btrfs". This needs to be configurable (how?). Another approach
would be to not set the group at all, and leave this to the user or
distro packaging script.

2. Instead of the "install-splitcmd-setcap" make target, we could
introduce a "configure --enable-splitted-subcommands" option, which
would simply add all splitcmd binaries to the "all" and "install"
targets without special treatment, and leave the setcap stuff to the
user or distro packaging script (at least in gentoo, this needs to be
specified using the "fcaps" eclass anyways [5]).


References:

  [1] https://www.spinics.net/lists/linux-btrfs/msg75736.html
  [2] https://github.com/digint/btrbk
  [3] https://github.com/digint/btrfs-progs-btrbk
  [4] https://github.com/digint/btrfs-progs/tree/splitcmd-setcap
  [5] https://dev.tty0.ch/portage/digint-overlay.git (sys-fs/btrfs-progs-btrbk)



Axel Burri (6):
  btrfs-progs: splitcmd-gen.sh: create btrfs-<subcommand> binaries for
    selected subcommands
  btrfs-progs: add btrfs-<subcommand> source files generated by
    splitcmd-gen.sh
  btrfs-progs: Makefile: add "install-splitcmd-setcap" target, installs
    splitcmd binaries with appropriate capabilities
  btrfs-progs: Makefile: include Makefile.install_setcap generated by
    splitcmd-gen.sh
  btrfs-progs: Makefile: move progs_splitcmd variable to
    Makefile.install_setcap
  btrfs-progs: add splitcmd binaries to gitignore

 .gitignore                 |  9 +++++
 Makefile                   | 20 +++++++++++
 Makefile.inc.in            |  1 +
 Makefile.install_setcap    | 12 +++++++
 btrfs-filesystem-usage.c   | 23 +++++++++++++
 btrfs-qgroup-destroy.c     | 23 +++++++++++++
 btrfs-receive.c            | 23 +++++++++++++
 btrfs-send.c               | 23 +++++++++++++
 btrfs-subvolume-delete.c   | 23 +++++++++++++
 btrfs-subvolume-list.c     | 23 +++++++++++++
 btrfs-subvolume-show.c     | 23 +++++++++++++
 btrfs-subvolume-snapshot.c | 23 +++++++++++++
 configure.ac               |  1 +
 splitcmd-gen.sh            | 86 ++++++++++++++++++++++++++++++++++++++++++++++
 splitcmd.c.in              | 17 +++++++++
 15 files changed, 330 insertions(+)
 create mode 100644 Makefile.install_setcap
 create mode 100644 btrfs-filesystem-usage.c
 create mode 100644 btrfs-qgroup-destroy.c
 create mode 100644 btrfs-receive.c
 create mode 100644 btrfs-send.c
 create mode 100644 btrfs-subvolume-delete.c
 create mode 100644 btrfs-subvolume-list.c
 create mode 100644 btrfs-subvolume-show.c
 create mode 100644 btrfs-subvolume-snapshot.c
 create mode 100755 splitcmd-gen.sh
 create mode 100644 splitcmd.c.in

-- 
2.16.4