Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root
From: Stefan Hajnoczi
Subject: Re: [PATCH] virtiofsd: Use clone() and not unshare(), support non-root
Date: Tue, 2 Jun 2020 10:55:47 +0100

On Fri, May 01, 2020 at 02:25:48PM -0400, Colin Walters wrote:
> I'd like to make use of virtiofs as part of our tooling in
> https://github.com/coreos/coreos-assembler
> Most of the code runs as non-root today; qemu also runs as non-root.
> We use 9p right now.
>
> virtiofsd's builtin sandboxing effectively assumes it runs as
> root.
>
> First, change the code to use `clone()` and not `unshare()+fork()`.
>
> Next, automatically use `CLONE_NEWUSER` if we're running as non root.
>
> This is similar logic to that in https://github.com/containers/bubblewrap
> (Which...BTW, it could make sense for virtiofs to depend on bubblewrap
> and re-exec itself rather than re-implementing the containerization
> itself)
>
> Signed-off-by: Colin Walters <walters@verbum.org>
> ---
> tools/virtiofsd/passthrough_ll.c | 26 +++++++++++++++++++++-----
> 1 file changed, 21 insertions(+), 5 deletions(-)

Ping Colin. It would be great if you have time to share your thoughts on
this discussion and explain how you are using this patch.

To summarize: I'm unclear what behavior a user can expect since I'm not
aware of anything that applies /etc/subuid for the user namespace. Does
this mean the expected behavior is that virtiofsd will map all uids/gids
to -1 when invoked non-root?

Could you document the behavior and consider supporting both -1 and
/etc/subuid operation? Both seem like useful behaviors for different use
cases.

Thanks,
Stefan
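
Added example, not part of the original message or of the virtiofsd patch: a small C model of the two behaviours the message asks about, a single-line uid map that an unprivileged process can write for itself (every other host uid is unmapped, shown as -1) and a map built from an /etc/subuid entry. The id layouts, the sample subuid text and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One uid_map line: ns ids [inside, inside+count) <-> host ids [outside, outside+count) */
struct idmap { unsigned inside, outside, count; };

/* Look up "owner:start:count" in /etc/subuid-style text; returns 1 on match. */
static int subuid_lookup(const char *text, const char *owner,
                         unsigned *start, unsigned *count)
{
    size_t n = strlen(owner);
    for (const char *p = text; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL)
        if (!strncmp(p, owner, n) && p[n] == ':' &&
            sscanf(p + n + 1, "%u:%u", start, count) == 2)
            return 1;
    return 0;
}

/* Fill map[] and return the number of lines (layouts are assumptions).
 * No subuid entry: one line, caller mapped to itself, which an unprivileged
 * process may write on its own. With an entry: caller becomes id 0 and the
 * subordinate range follows from id 1 (needs the setuid newuidmap helper). */
static int build_map(unsigned caller, const char *owner, const char *subuid,
                     struct idmap map[2])
{
    unsigned start = 0, count = 0;
    if (!subuid || !subuid_lookup(subuid, owner, &start, &count)) {
        map[0] = (struct idmap){ caller, caller, 1 };
        return 1;
    }
    map[0] = (struct idmap){ 0, caller, 1 };
    map[1] = (struct idmap){ 1, start, count };
    return 2;
}

/* Namespace view of a host uid; -1 when no map line covers it (unmapped). */
static long host_to_ns(const struct idmap *map, int n, unsigned host)
{
    for (int i = 0; i < n; i++)
        if (host >= map[i].outside && host - map[i].outside < map[i].count)
            return (long)map[i].inside + (host - map[i].outside);
    return -1;
}

int main(void)
{
    const char *subuid = "alice:100000:65536\nbob:165536:65536\n"; /* constructed */
    struct idmap m[2];
    int n = build_map(1000, "bob", subuid, m);
    printf("host 0 -> %ld, host 165540 -> %ld\n",
           host_to_ns(m, n, 0), host_to_ns(m, n, 165540));
    return 0;
}
```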