lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Oct 2020 16:36:13 +0000 From: Sargun Dhillon <sargun@...gun.me> To: Lennart Poettering <lennart@...ttering.net> Cc: "Eric W. Biederman" <ebiederm@...ssion.com>, Christian Brauner <christian.brauner@...ntu.com>, Alexander Viro <viro@...iv.linux.org.uk>, Christoph Hellwig <hch@...radead.org>, linux-fsdevel@...r.kernel.org, John Johansen <john.johansen@...onical.com>, James Morris <jmorris@...ei.org>, Mimi Zohar <zohar@...ux.ibm.com>, Dmitry Kasatkin <dmitry.kasatkin@...il.com>, Stephen Smalley <stephen.smalley.work@...il.com>, Casey Schaufler <casey@...aufler-ca.com>, Arnd Bergmann <arnd@...db.de>, Andreas Dilger <adilger.kernel@...ger.ca>, OGAWA Hirofumi <hirofumi@...l.parknet.co.jp>, Geoffrey Thomas <geofft@...reload.com>, Mrunal Patel <mpatel@...hat.com>, Josh Triplett <josh@...htriplett.org>, Andy Lutomirski <luto@...nel.org>, Amir Goldstein <amir73il@...il.com>, Miklos Szeredi <miklos@...redi.hu>, Theodore Tso <tytso@....edu>, Alban Crequy <alban@...volk.io>, Tycho Andersen <tycho@...ho.ws>, David Howells <dhowells@...hat.com>, James Bottomley <James.Bottomley@...senpartnership.com>, Jann Horn <jannh@...gle.com>, Seth Forshee <seth.forshee@...onical.com>, Stéphane Graber <stgraber@...ntu.com>, Aleksa Sarai <cyphar@...har.com>, smbarber@...omium.org, Phil Estes <estesp@...il.com>, Serge Hallyn <serge@...lyn.com>, Kees Cook <keescook@...omium.org>, Todd Kjos <tkjos@...gle.com>, Jonathan Corbet <corbet@....net>, containers@...ts.linux-foundation.org, linux-security-module@...r.kernel.org, linux-api@...r.kernel.org, linux-ext4@...r.kernel.org, linux-unionfs@...r.kernel.org, linux-audit@...hat.com, linux-integrity@...r.kernel.org, selinux@...r.kernel.org Subject: Re: [PATCH 00/34] fs: idmapped mounts On Thu, Oct 29, 2020 at 05:05:02PM +0100, Lennart Poettering wrote: > On Do, 29.10.20 10:47, Eric W. Biederman (ebiederm@...ssion.com) wrote: > > > Is that the use case you are looking at removing the need for > > systemd-homed to avoid chowning after lugging encrypted home directories > > from one system to another? Why would it be desirable to avoid the > > chown? > > Yes, I am very interested in seeing Christian's work succeed, for the > usecase in systemd-homed. In systemd-homed each user gets their own > private file system, and these fs shall be owned by the user's local > UID, regardless in which system it is used. The UID should be an > artifact of the local, individual system in this model, and thus > the UID on of the same user/home on system A might be picked as 1010 > and on another as 1543, and on a third as 1323, and it shouldn't > matter. This way, home directories become migratable without having to > universially sync UID assignments: it doesn't matter anymore what the > local UID is. > > Right now we do a recursive chown() at login time to ensure the home > dir is properly owned. This has two disadvantages: > > 1. It's slow. In particular on large home dirs, it takes a while to go > through the whole user's homedir tree and chown/adjust ACLs for > everything. > > 2. Because it is so slow we take a shortcut right now: if the > top-level home dir inode itself is owned by the correct user, we > skip the recursive chowning. This means in the typical case where a > user uses the same system most of the time, and thus the UID is > stable we can avoid the slowness. But this comes at a drawback: if > the user for some reason ends up with files in their homedir owned > by an unrelated user, then we'll never notice or readjust. > > > If the goal is to solve fragmented administration of uid assignment I > > suggest that it might be better to solve the administration problem so > > that all of the uids of interest get assigned the same way on all of the > > systems of interest. > > Well, the goal is to make things simple and be able to use the home > dir everywhere without any prior preparation, without central UID > assignment authority. > > The goal is to have a scheme that requires no administration, by > making the UID management problem go away. Hence, if you suggest > solving this by having a central administrative authority: this is > exactly what the model wants to get away from. > > Or to say this differently: just because I personally use three > different computers, I certainly don't want to set up LDAP or sync > UIDs manually. > > Lennart > > -- > Lennart Poettering, Berlin Can you help me understand systemd-homed a little bit? In the man page it says: systemd-homed is a system service that may be used to create, remove, change or inspect home areas (directories and network mounts and real or loopback block devices with a filesystem, optionally encrypted). It seems that the "underlay?" (If you'll call it that, maybe there is a better term) can either be a standalone block device (this sounds close to systemd machined?), a btrfs subvolume (which receives its own superblock (IIRC?, I might be wrong. It's been a while since I've used btrfs), or just be a directory that's mapped? What decides whether it's just a directory and bind-mounted (or a similar vfsmount), or an actual superblock? How is the mapping of "real UIDs" to "namespace UIDs" works when it's just a bind mount? From the perspective of multiple user namespaces, are all "underlying" UIDs mapped through, or if I try to look at another user's home directory will they not show up? Is there a reason you can't / don't / wont use overlayfs instead of bind mounts?
Powered by blists - more mailing lists