From: "Marko Petrović" <petrovicmarko2006@gmail.com>
To: linux-um@lists.infradead.org
Cc: richard@nod.at, anton.ivanov@cambridgegreys.com,
	johannes@sipsolutions.net,
	"Marko Petrović" <petrovicmarko2006@gmail.com>
Subject: Document new xattrperm flag
Date: Fri, 14 Apr 2023 00:30:22 +0200
Message-ID: <20230413223024.11513-1-petrovicmarko2006@gmail.com>

Hello,

I am Marko Petrović. I have been using User-Mode Linux (UML) for some time
and I have noticed that in the documentation it is said that UML can boot
from hostfs. However, hostfs exposes file permissions of the host to the
UML, and changing these permissions requires that the kernel has the
necessary privileges on the host.
In addition to that, all files are created with the ownership of the
kernel's user and group since the kernel is performing file creation.

This creates obvious problems when a multiuser system is running inside
UML since applications cannot create files that they own and the UML
kernel forbids further access to these files. This in particular can
present problems when booting from hostfs that appears to otherwise be
supported.

One solution would be for the kernel to run with the necessary privileges
to alter file permissions and yet still access them in order to service
syscalls to UML processes and another (in my humble opinion, preferable)
solution would be to store permissions used by the UML kernel separately
from the host's permissions so that the kernel can run with standard
privileges.

In hope that it will be useful, I have written a patch that adds a boot
option for hostfs for enabling the usage of extended attributes for
storing these permissions. Extended attributes seemed like the most
reasonable choice for this purpose and most Linux filesystems support
them.

I have also added an attempt to do a regular chown(2) on file
creation when extended attributes are disabled. If the kernel isn't
running as root, it will fall back to the old behavior.

In another patch, I provide a documentation update explaining
the usage of the new flag when booting from hostfs. I have also changed
the "find" command that was used there so that it now skips symlinks
since some symlinks point to absolute paths and that was changing
permissions on the host in unintended ways.

I am looking forward to your feedback on this work.

P.S. I apologize if there are any grammar errors in the mail as English is
not my first language. As this is my first patch, I also apologize if I
have missed any part of the patch submission procedure. For future patches
I will correct all encountered mistakes.

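The symlink problem mentioned in the message (a `find`-driven permission change reaching host files through symlinks with absolute targets), shown as an added example that is not part of the original mail, the patch or the UML documentation. The tree layout, file names and the `chmod a+r` operation are constructed for illustration; the documentation's actual `find` command does not appear on this page.

```shell
#!/bin/sh
# Constructed sample tree: a "rootfs" directory plus a host file outside it.
# Prints the path of the temporary directory holding both.
make_tree() {
    work=$(mktemp -d) || return 1
    mkdir "$work/rootfs" "$work/host"
    echo data > "$work/host/secret"
    chmod 600 "$work/host/secret"
    echo data > "$work/rootfs/file"
    ln -s "$work/host/secret" "$work/rootfs/link"   # absolute target, leaves rootfs
    ln -s file "$work/rootfs/rel"                   # relative target, stays inside
    printf '%s\n' "$work"
}

# Audit step: print every symlink under $1 whose target is an absolute path.
absolute_symlinks() {
    find "$1" -type l | while IFS= read -r link; do
        case "$(readlink "$link")" in
            /*) printf '%s\n' "$link" ;;
        esac
    done
}

# Apply a permission change to the rootfs in tree $1.
# $2 = follow: symlinks are passed to chmod, which changes their targets.
# $2 = skip:   symlinks are excluded with "! -type l".
# Prints the resulting permission string of the host file outside rootfs.
walk_chmod() {
    if [ "$2" = skip ]; then
        find "$1/rootfs" ! -type l -exec chmod a+r {} +
    else
        find "$1/rootfs" -exec chmod a+r {} +
    fi
    ls -ld "$1/host/secret" | cut -c1-10
}

tree=$(make_tree)
echo "absolute symlinks: $(absolute_symlinks "$tree/rootfs")"
echo "host file after skip:   $(walk_chmod "$tree" skip)"
echo "host file after follow: $(walk_chmod "$tree" follow)"
rm -rf "$tree"
```

Running the audit function over a rootfs before any bulk `chmod` or `chown` shows which links would carry the change outside the tree.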
