Re: [PATCH v1] linux-user: Add option to run `execve`d programs through QEMU

[Noah Goldstein <goldstein.w.n@gmail.com>]

On Wed, Oct 2, 2024 at 9:38 AM Ilya Leoshkevich <iii@linux.ibm.com> wrote:
>
> On Wed, 2024-10-02 at 16:08 +0200, Laurent Vivier wrote:
> > Le 02/10/2024 à 10:08, Ilya Leoshkevich a écrit :
> > > On Fri, 2024-08-30 at 15:36 -0700, Noah Goldstein wrote:
> > > > The new option '-qemu-children' makes it so that on `execve` the
> > > > child
> > > > process will be launch by the same `qemu` executable that is
> > > > currently
> > > > running along with its current commandline arguments.
> > > >
> > > > The motivation for the change is to make it so that plugins
> > > > running
> > > > through `qemu` can continue to run on children.  Why not just
> > > > `binfmt`?: Plugins can be desirable regardless of
> > > > system/architecture
> > > > emulation, and can sometimes be useful for elf files that can run
> > > > natively. Enabling `binfmt` for all natively runnable elf files
> > > > may
> > > > not be desirable.
> > >
> > > Another reason to have this is that one may not have root
> > > permissions
> > > to configure binfmt-misc.
> >
> > A little note on that: binfmt_misc is now part of the user namespace
> > (since linux v6.7), so you can
> > configure binfmt_misc as a non root user in a given namepace.
> >
> > There is helper to use it with unshare from util-linux, you can do
> > things like that:
> >
> >    With 'F' flag, load the interpreter from the initial namespace:
> >
> >      $ /bin/qemu-m68k-static --version
> >      qemu-m68k version 8.2.2 (qemu-8.2.2-1.fc40)
> >      Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project
> > developers
> >      $ unshare --map-root-user --fork --pid
> > --load-interp=":qemu-
> > m68k:M::\\x7fELF\\x01\\x02\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
> > 00\\x00\\x00\\x02\\x00\\x04:\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\x00\
> > \xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\xff\\xff:/bin/qemu
> > -m68k-static:OCF"
> > --root=chroot/m68k/sid
> >      # QEMU_VERSION= ls
> >      qemu-m68k version 8.2.2 (qemu-8.2.2-1.fc40)
> >      Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project
> > developers
> >      # /qemu-m68k  --version
> >      qemu-m68k version 8.0.50 (v8.0.0-340-gb1cff5e2da95)
> >      Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project
> > developers
> >
> >    Without 'F' flag, from inside the namespace:
> >
> >      $ unshare --map-root-user --fork --pid
> > --load-interp=":qemu-
> > m68k:M::\\x7fELF\\x01\\x02\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x
> > 00\\x00\\x00\\x02\\x00\\x04:\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\x00\
> > \xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\xff\\xff:/qemu-
> > m68k:OC"
> > --root=chroot/m68k/sid
> >      # QEMU_VERSION= ls
> >      qemu-m68k version 8.0.50 (v8.0.0-340-gb1cff5e2da95)
> >      Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project
> > developers
> >      # /qemu-m68k  --version
> >      qemu-m68k version 8.0.50 (v8.0.0-340-gb1cff5e2da95)
> >      Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project
> > developers
> >
> > Thanks,
> > Laurent
> >
>
> Thanks for posting this, I wasn't aware of this feature and it looks
> really useful.
>
> IIUC it also resolves the main problem this patch is dealing with:

I might misunderstand, but I don't think it does in the sense
that it still might not be desirable to use the same qemu flags
for the entire class of executables.

I.e the original motivating case was wanting to attach
some plugins to a process and its children and AFAICT
binfmt still doesn't give that level of control.
>
>   Enabling `binfmt` for all natively runnable elf files may
>   not be desirable.