public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: Lennart Poettering <mzxreary@0pointer.de>
To: "Luis R. Rodriguez" <mcgrof@suse.com>
Cc: Ian Campbell <Ian.Campbell@citrix.com>,
	luto@mit.edu, Keir Fraser <keir@xen.org>,
	Tim Deegan <tim@xen.org>, Ian Jackson <ian.jackson@eu.citrix.com>,
	linux-kernel@vger.kernel.org,
	systemd-devel@lists.freedesktop.org,
	linux-security-module@vger.kernel.org, ebiederm@xmission.com,
	Jan Beulich <jbeulich@suse.com>,
	xen-devel@lists.xenproject.org, morgan@kernel.org
Subject: Re: [systemd-devel] [PATCH v5 12/14] autoconf: xen: enable explicit 	preference	option for xenstored preference
Date: Sun, 1 Jun 2014 08:15:47 +0200	[thread overview]
Message-ID: <20140601061547.GC16257@tango.0pointer.de> (raw)
In-Reply-To: <20140529232918.GG26450@wotan.suse.de>

On Fri, 30.05.14 01:29, Luis R. Rodriguez (mcgrof@suse.com) wrote:

> I'm cc'ing a few security folks as I'd appreciate review on the ideas here,
> in particular that of a launcher idea on system to replace alternatives on the
> ExecStart= line of a systemd service unit file, alternative ideas are of
> course welcomed. I'm also Cc'ing systemd-devel as this subject was reviewed
> a little while ago with nothing concrete being recommended but instead a few
> options being now archived as possibilities. I'm looking for a bit wider
> review of the approaches and recomendations.
> 
> Some general background for non xen folks: old xen requires the launch of
> a daemon which implements supports of the xenstore, which is the database
> that xen uses for information about guests / dom0. There are two supported
> daemons, xenstored (C version) and oxenstored (Ocaml version) but they do the
> same thing. Right now old init lets you override which one you pick through
> an environment variable on /etc/{sysconfig,default}/xencommons, the script
> will use the appropriate on there. Systemd doesn't let you use variables on
> the ExecStart line of a service unit file so alternatives are required.
> 
> The reason I'm being very careful here this could set a precedent and at
> least for the launcher idea it'd require the usage of getenv() and execve(),
> and secure alternatives for these (secure_getenv(), execve_nosecurity())
> have either been merged or suggested before for Linux. The systemd discussion
> is only specific to Linux but if we have a launcher we could consider it for
> other supported OSes. All that said I'd like proper review of the security
> implications of *all* strategies but obviously in particular the launcher
> idea. I want to tread carefuly before setting precedents.

You can also just invoke a shell script from ExecStart=. I mean, we try
to deemphesize them in the boot process, but there's nothing wrong with
using shell, if you need to parse shell configuraiton fragments and just
want to execute on ot another program...

That said, I'd certainly make a clean cut and drop support for
/etc/sysconfig from any project I see, earlier rather than later, since
it's just cruft, a bad idea and should really just go away. But then
again, I would also just not do the thing with supporting two
implementations at the same time... 

Lennart

-- 
Lennart Poettering, Red Hat

  reply	other threads:[~2014-06-01  6:26 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <1400589095-3872-1-git-send-email-mcgrof@do-not-panic.com>
     [not found] ` <1400589095-3872-13-git-send-email-mcgrof@do-not-panic.com>
     [not found]   ` <1400687040.7272.28.camel@kazak.uk.xensource.com>
     [not found]     ` <20140521230233.GA13289@wotan.suse.de>
     [not found]       ` <1400753147.14637.10.camel@kazak.uk.xensource.com>
     [not found]         ` <20140523232031.GA26450@wotan.suse.de>
     [not found]           ` <1401269449.24800.7.camel@kazak.uk.xensource.com>
2014-05-29 23:29             ` [PATCH v5 12/14] autoconf: xen: enable explicit preference option for xenstored preference Luis R. Rodriguez
2014-06-01  6:15               ` Lennart Poettering [this message]
2014-06-05  0:31                 ` [systemd-devel] " Luis R. Rodriguez
2014-06-05  2:52                   ` Cameron Norman
2014-06-10  1:15                     ` Luis R. Rodriguez
2014-06-05 11:22                   ` Lennart Poettering
2014-06-05 18:01                     ` Luis R. Rodriguez
2014-06-05 19:24                       ` Lennart Poettering
2014-06-05 19:26                         ` Andrew Lutomirski

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140601061547.GC16257@tango.0pointer.de \
    --to=mzxreary@0pointer.de \
    --cc=Ian.Campbell@citrix.com \
    --cc=ebiederm@xmission.com \
    --cc=ian.jackson@eu.citrix.com \
    --cc=jbeulich@suse.com \
    --cc=keir@xen.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=luto@mit.edu \
    --cc=mcgrof@suse.com \
    --cc=morgan@kernel.org \
    --cc=systemd-devel@lists.freedesktop.org \
    --cc=tim@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox