| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 May 2014 08:27:03 -0500 From: Seth Forshee <seth.forshee@...onical.com> To: LXC development mailing-list <lxc-devel@...ts.linuxcontainers.org> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Serge Hallyn <serge.hallyn@...ntu.com>, "Michael H. Warfield" <mhw@...tsEnd.com>, linux-kernel@...r.kernel.org, Jens Axboe <axboe@...nel.dk>, Arnd Bergmann <arnd@...db.de>, Serge Hallyn <serge.hallyn@...onical.com>, James Bottomley <James.Bottomley@...senPartnership.com> Subject: Re: [lxc-devel] [RFC PATCH 00/11] Add support for devtmpfs in user namespaces On Sun, May 18, 2014 at 04:44:58AM +0200, Serge E. Hallyn wrote: > Quoting Seth Forshee (seth.forshee@...onical.com): > > On Fri, May 16, 2014 at 09:31:37PM -0700, Eric W. Biederman wrote: > > > Greg Kroah-Hartman <gregkh@...uxfoundation.org> writes: > > > > > > > On Fri, May 16, 2014 at 01:49:59AM +0000, Serge Hallyn wrote: > > > >> > I think having to pick and choose what device nodes you want in a > > > >> > container is a good thing. Becides, you would have to do the same thing > > > >> > in the kernel anyway, what's wrong with userspace making the decision > > > >> > here, especially as it knows exactly what it wants to do much more so > > > >> > than the kernel ever can. > > > >> > > > >> For 'real' devices that sounds sensible. The thing about loop devices > > > >> is that we simply want to allow a container to say "give me a loop > > > >> device to use" and have it receive a unique loop device (or 3), without > > > >> having to pre-assign them. I think that would be cleaner to do using > > > >> a pseudofs and loop-control device, rather than having to have a > > > >> daemon in userspace on the host farming those out in response to > > > >> some, I don't know, dbus request? > > > > > > > > I agree that loop devices would be nice to have in a container, and that > > > > the existing loop interface doesn't really lend itself to that. So > > > > create a new type of thing that acts like a loop device in a container. > > > > But don't try to mess with the whole driver core just for a single type > > > > of device. > > > > > > Yes. Something like devpts (without the newinstance option). Built to > > > allow unprivileged users to create loopback devices. > > > > That's where I started, and I've got code, so I guess I'll clean it up > > and send patches. If the stance is that only system-wide CAP_SYS_ADMIN > > gets to do privileged block device ioctls, including reading partitions > > Sorry, where did that come from? What Eric was referring to below is > the fs superblock readers not being trusted. Maybe I glossed over another > email where it was mentioned? You must have. Take a look at [1]. To repeat the point: the ioctl to reread partitions (along with several other block device ioctls) has a capable(CAP_SYS_ADMIN) check. We can't change this to an ns_capable check without at minimum the block layer knowing about the namespace associated with the block device. Ergo we can't reread paritions if this is done entirely within the loop driver via a psuedo fs. [1] http://article.gmane.org/gmane.linux.kernel.containers.lxc.devel/8191 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists