From: ebiederm@xmission.com (Eric W. Biederman)
To: "J. Bruce Fields" <bfields@fieldses.org>
Cc: Stanislav Kinsbursky <skinsbursky@parallels.com>,
viro@zeniv.linux.org.uk, serge.hallyn@canonical.com,
jlayton@redhat.com, lucas.demarchi@profusion.mobi,
rusty@rustcorp.com.au, linux-kernel@vger.kernel.org,
oleg@redhat.com, bharrosh@panasas.com,
linux-fsdevel@vger.kernel.org, akpm@linux-foundation.org,
devel@openvz.org
Subject: Re: [RFC PATCH] fs: call_usermodehelper_root helper introduced
Date: Wed, 22 May 2013 20:37:23 -0700 [thread overview]
Message-ID: <87vc6abc3w.fsf@xmission.com> (raw)
In-Reply-To: <20130522192339.GB31069@fieldses.org> (J. Bruce Fields's message of "Wed, 22 May 2013 15:23:39 -0400")
"J. Bruce Fields" <bfields@fieldses.org> writes:
> On Wed, May 22, 2013 at 11:35:56AM -0700, Eric W. Biederman wrote:
>> ebiederm@xmission.com (Eric W. Biederman) writes:
>>
>> > I am missing a lot of context here and capturing the context of a
>> > process at time time we mount the filesystem and reconstituing it in
>> > call user mode helper seems like something we could do.
>
> So it's not enough just to ensure that the user namespace is set
> correctly? (To the namespace of the mount process in the nfs case, or
> of the process that starts nfsd in the nfsd case.)
No. By just setting the user namespace, you gain the ability to create
processes outside of your curremt rlimits, and cgroups, and pid
namespace, etc.
With the wrong set of namespaces you will talk to the wrong processes,
or utilize the wrong resources.
Outside of your current cgroup you gain the ability to use more
resources than you were limited to.
Having thought about it what I would propose is to fork a process from
the context of the mounting process (or possibly from the context of the
process that writes to the sysctl that sets the program to spawn) and
have that process be a daemon that becomes responsible for spawning user
mode helpers with context. Either that or whe need the user mode helper
userspace infrastructure to become namespace aware and call setns.
>> If we want to do something like this the only sane thing I can see is to
>> have a per container version of kthread call it uthread. That the user
>> mode helper code would use to launch a new process.
>>
>> Anything else and I expect we will be tearing our hair out for the rest
>> of our lives with weird corner cases or unexpected semantics.
>
> Could you give examples of weird corner cases or unexpected semantics?
I gave a couple and it is the classic problem with suid executables
where a lot of unexpected things are inherited from the environment, and
so things become a never ending race. We replaced daemonize in the
kernel with just forking processes from kthreadd for this very reason.
There was always something else that needed to be reset to make a
process a proper kernel thread.
Eric
next prev parent reply other threads:[~2013-05-23 3:37 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-05-22 7:29 [RFC PATCH] fs: call_usermodehelper_root helper introduced Stanislav Kinsbursky
2013-05-22 16:03 ` Oleg Nesterov
2013-05-22 17:33 ` Eric W. Biederman
2013-05-22 18:35 ` Eric W. Biederman
2013-05-22 19:23 ` J. Bruce Fields
2013-05-23 3:37 ` Eric W. Biederman [this message]
2013-05-23 19:06 ` J. Bruce Fields
2013-05-23 8:11 ` Stanislav Kinsbursky
2013-05-23 8:07 ` Stanislav Kinsbursky
2013-05-23 10:00 ` Eric W. Biederman
2013-05-23 10:35 ` Stanislav Kinsbursky
2013-05-23 11:31 ` Jeff Layton
2013-05-23 11:38 ` Stanislav Kinsbursky
2013-05-23 11:56 ` Jeff Layton
2013-05-23 11:58 ` Stanislav Kinsbursky
2013-05-23 12:25 ` Boaz Harrosh
2013-05-23 13:05 ` Jeff Layton
2013-05-23 19:55 ` J. Bruce Fields
2013-05-23 20:14 ` J. Bruce Fields
2013-05-23 21:32 ` Eric W. Biederman
2013-05-24 6:04 ` Stanislav Kinsbursky
2013-11-08 11:58 ` Jeff Layton
2013-05-24 5:44 ` Stanislav Kinsbursky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vc6abc3w.fsf@xmission.com \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=bfields@fieldses.org \
--cc=bharrosh@panasas.com \
--cc=devel@openvz.org \
--cc=jlayton@redhat.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lucas.demarchi@profusion.mobi \
--cc=oleg@redhat.com \
--cc=rusty@rustcorp.com.au \
--cc=serge.hallyn@canonical.com \
--cc=skinsbursky@parallels.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox