From: bfields@fieldses.org (J. Bruce Fields)
Date: Fri, 9 Sep 2022 09:13:55 -0400
To: Theodore Ts'o
Cc: Chuck Lever III, battery dude, Linux NFS Mailing List, linux-fsdevel, "linux-security-module@vger.kernel.org", "selinux@vger.kernel.org"
Subject: Re: Does NFS support Linux Capabilities
Message-ID: <20220909131355.GA5674@fieldses.org>

On Fri, Sep 09, 2022 at 05:23:46AM -0400, Theodore Ts'o wrote:
> On Thu, Sep 08, 2022 at 08:24:02PM +0000, Chuck Lever III wrote:
> > Given these enormous challenges, who would be willing to pay for
> > standardization and implementation? I'm not saying it can't or
> > shouldn't be done, just that it would be a mighty heavy lift.
> > But maybe other folks on the Cc: list have ideas that could
> > make this easier than I believe it to be.
>
> ... and this is why the C2 by '92 initiative was doomed to failure,
> and why Posix.1e never completed the standardization process. :-)
>
> Honestly, capabilities are super coarse-grained, and I'm not sure they
> are all that useful if we were to create blank slate requirements for a
> modern high-security system. So I'm not convinced the costs are
> sufficient to balance the benefits.

I seem to recall the immediate practical problem people have hit is that
some rpms will fail if it can't set file capabilities. So in practice
NFS may not work any more for root filesystems. Maybe there's some
workaround.

Taking a quick look at my laptop, there's not as many as I expected:

[root@parkour bfields]# getcap -r /usr
/usr/bin/arping cap_net_raw=p
/usr/bin/clockdiff cap_net_raw=p
/usr/bin/dumpcap cap_net_admin,cap_net_raw=ep
/usr/bin/newgidmap cap_setgid=ep
/usr/bin/newuidmap cap_setuid=ep
/usr/sbin/mtr-packet cap_net_raw=ep
/usr/sbin/suexec cap_setgid,cap_setuid=ep

--b.
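An added example, not part of the original message: a pre-migration check that takes the getcap output quoted above plus a mount table and lists the capability-bearing binaries that would sit on an NFS mount, where, per the message, setting file capabilities can fail. The mount table, the server name and all function names are constructed for illustration.

```python
# Terminal output quoted in the message above.
GETCAP_OUTPUT = """\
/usr/bin/arping cap_net_raw=p
/usr/bin/clockdiff cap_net_raw=p
/usr/bin/dumpcap cap_net_admin,cap_net_raw=ep
/usr/bin/newgidmap cap_setgid=ep
/usr/bin/newuidmap cap_setuid=ep
/usr/sbin/mtr-packet cap_net_raw=ep
/usr/sbin/suexec cap_setgid,cap_setuid=ep
"""

# Constructed /proc/mounts sample (hypothetical server name): NFS root,
# with /usr/sbin on a local disk.
SAMPLE_MOUNTS = """\
nfs.example.com:/export/root / nfs4 rw,relatime 0 0
/dev/sda1 /usr/sbin ext4 rw,relatime 0 0
"""

def parse_getcap(text):
    """Return {path: capability_text} from `getcap -r` output."""
    caps = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        # Some libcap versions print "path = caps" instead of "path caps".
        sep = " = " if " = " in line else " "
        path, _, cap_text = line.partition(sep)
        caps[path] = cap_text
    return caps

def parse_mounts(text):
    """Return [(mountpoint, fstype)] from /proc/mounts-style text."""
    fields = [line.split() for line in text.splitlines()]
    return [(f[1], f[2]) for f in fields if len(f) >= 3]

def fstype_for(path, mounts):
    """File system type of the longest mount point containing path."""
    best_mnt, best_type = "", None
    for mnt, fstype in mounts:
        prefix = mnt.rstrip("/") + "/"
        # ">=" lets a later mount on the same mount point shadow an earlier one.
        if (path == mnt or path.startswith(prefix)) and len(mnt) >= len(best_mnt):
            best_mnt, best_type = mnt, fstype
    return best_type

def caps_on_nfs(getcap_text, mounts_text):
    """Return {path: capability_text} for files that live on nfs/nfs4 mounts."""
    mounts = parse_mounts(mounts_text)
    found = parse_getcap(getcap_text)
    return {p: c for p, c in found.items()
            if (fstype_for(p, mounts) or "").startswith("nfs")}

if __name__ == "__main__":
    for path, cap_text in sorted(caps_on_nfs(GETCAP_OUTPUT, SAMPLE_MOUNTS).items()):
        print(f"{path}: needs {cap_text}, but the target file system is NFS")
```

On a live system the same functions can be fed the real output of `getcap -r` and the contents of `/proc/mounts`.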