From: Axel Burri <axel@tty0.ch>
To: linux-btrfs@vger.kernel.org
Cc: Axel Burri <axel@tty0.ch>
Subject: [RFC PATCH v2 0/4] btrfs-progs: build distinct binaries for specific btrfs subcommands
Date: Wed, 12 Sep 2018 16:46:00 +0200 [thread overview]
Message-ID: <20180912144604.6178-1-axel@tty0.ch> (raw)
This patch allows to build distinct binaries for specific btrfs
subcommands, e.g. "btrfs-subvolume-show" which would be identical to
"btrfs subvolume show".
Changes from v1 [1]:
- No more need of generated c-file for each separated commands (all
functionality has moved to Makefile).
- More generic approach: match entry point declarations as well as
additional tage in all "cmds-*.c" files.
- Change naming: use "separated" instead of "splitcmd".
Motivation:
While btrfs-progs offer the all-inclusive "btrfs" command, it gets
pretty cumbersome to restrict privileges to the subcommands [2].
Common approaches are to either setuid root for "/sbin/btrfs" (which
is not recommended at all), or to write sudo rules for each
subcommand.
Separating the subcommands into distinct binaries makes it easy to set
elevated privileges using capabilities(7) or setuid. A typical use
case where this is needed is when it comes to automated scripts,
e.g. btrbk [3] [4] creating snapshots and send/receive them via ssh.
Description:
Patch 1 adds a minimal, non-invasive framework for building separated
binaries. Note that some subcommands fail to build ("make -k separated").
Patches 2,3 fix build dependencies: make all subcommands build
correctly, with smaller binary size. Probably to be squashed into
patch 1 for final commit.
Patch 4 adds configuration options -enable-setcap-install,
--enable-setuid-install, --enable-btrfs-separated.
Notes:
- This patchset is available on github [5].
- A gentoo ebuild "sys-fs/btrfs-progs-separated" is available on
github [6], as well as in the digint-overlay [7]:
USE=filecaps emerge -av sys-fs/btrfs-progs-separated
References:
[1] https://www.spinics.net/lists/linux-btrfs/msg81451.html
[2] https://www.spinics.net/lists/linux-btrfs/msg75736.html
[3] https://github.com/digint/btrbk
[4] https://github.com/digint/btrfs-progs-btrbk
[5] https://github.com/digint/btrfs-progs/tree/cmds-separated-fscaps-v2
[6] https://github.com/digint/gentoo/tree/btrfs-progs-separated/sys-fs/btrfs-progs-separated
[7] https://dev.tty0.ch/portage/digint-overlay.git
Axel Burri (4):
btrfs-progs: Makefile: create separated binaries for "btrfs"
subcommands; add fscaps declarations
btrfs-progs: remove unneeded dependencies on separated build
(-DBTRFS_SEPARATED_BUILD)
btrfs-progs: Makefile: add extra objects definitions for separated
binaries
btrfs-progs: build: add --enable-setcap-install,
--enable-setuid-install, --enable-btrfs-separated
.gitignore | 1 +
Makefile | 99 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-
Makefile.inc.in | 6 ++++
cmds-balance.c | 2 ++
cmds-device.c | 2 ++
cmds-fi-usage.c | 1 +
cmds-filesystem.c | 2 ++
cmds-inspect.c | 2 ++
cmds-property.c | 2 ++
cmds-qgroup.c | 3 ++
cmds-quota.c | 2 ++
cmds-receive.c | 1 +
cmds-replace.c | 2 ++
cmds-rescue.c | 2 ++
cmds-scrub.c | 2 ++
cmds-send.c | 1 +
cmds-subvolume.c | 6 ++++
commands.h | 37 +++++++++++++++++++++
configure.ac | 40 ++++++++++++++++++++++
19 files changed, 212 insertions(+), 1 deletion(-)
--
2.16.4
next reply other threads:[~2018-09-12 19:51 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-09-12 14:46 Axel Burri [this message]
2018-09-12 14:46 ` [RFC PATCH v2 1/4] btrfs-progs: Makefile: create separated binaries for "btrfs" subcommands; add fscaps declarations Axel Burri
2018-09-12 14:46 ` [RFC PATCH v2 2/4] btrfs-progs: remove unneeded dependencies on separated build (-DBTRFS_SEPARATED_BUILD) Axel Burri
2018-09-12 14:46 ` [RFC PATCH v2 3/4] btrfs-progs: Makefile: add extra objects definitions for separated binaries Axel Burri
2018-09-12 14:46 ` [RFC PATCH v2 4/4] btrfs-progs: build: add --enable-setcap-install, --enable-setuid-install, --enable-btrfs-separated Axel Burri
2018-09-19 22:02 ` [RFC PATCH v2 0/4] btrfs-progs: build distinct binaries for specific btrfs subcommands Axel Burri
2018-09-20 8:32 ` Duncan
2018-09-21 9:46 ` Axel Burri
2018-09-22 5:57 ` Duncan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180912144604.6178-1-axel@tty0.ch \
--to=axel@tty0.ch \
--cc=linux-btrfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).