[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7)
From: |
Dr. David Alan Gilbert |
Subject: |
Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7) |
Date: |
Thu, 18 Jun 2020 20:16:55 +0100 |
User-agent: |
Mutt/1.14.0 (2020-05-02) |
* Vivek Goyal (vgoyal@redhat.com) wrote:
> On Thu, Apr 16, 2020 at 05:49:05PM +0100, Stefan Hajnoczi wrote:
> > virtiofsd doesn't need of all Linux capabilities(7) available to root.
> > Keep a
> > whitelisted set of capabilities that we require. This improves security in
> > case virtiofsd is compromised by making it hard for an attacker to gain
> > further
> > access to the system.
>
> Hi Stefan,
>
> I just noticed that this patch set breaks overlayfs on top of virtiofs.
>
> overlayfs sets "trusted.overlay.*" and xattrs in trusted domain
> need CAP_SYS_ADMIN.
>
> man xattr says.
>
> Trusted extended attributes
> Trusted extended attributes are visible and accessible only to pro‐
> cesses that have the CAP_SYS_ADMIN capability. Attributes in this
> class are used to implement mechanisms in user space (i.e., outside the
> kernel) which keep information in extended attributes to which ordinary
> processes should not have access.
>
> There is a chance that overlay moves away from trusted xattr in future.
> But for now we need to make it work. This is an important use case for
> kata docker in docker build.
>
> May be we can add an option to virtiofsd say "--add-cap <capability>" and
> ask user to pass in "--add-cap cap_sys_admin" if they need to run daemon
> with this capaibility.
I'll admit I don't like the idea of giving it cap_sys_admin.
Can you explain:
a) What overlayfs uses trusted for?
b) If something nasty was to write junk into the trusted attributes,
what would happen?
c) I see overlayfs has a fallback check if xattr isn't supported at
all - what is the consequence?
Dave
> Thanks
> Vivek
>
> >
> > Stefan Hajnoczi (2):
> > virtiofsd: only retain file system capabilities
> > virtiofsd: drop all capabilities in the wait parent process
> >
> > tools/virtiofsd/passthrough_ll.c | 51 ++++++++++++++++++++++++++++++++
> > 1 file changed, 51 insertions(+)
> >
> > --
> > 2.25.1
> >
> > _______________________________________________
> > Virtio-fs mailing list
> > Virtio-fs@redhat.com
> > https://www.redhat.com/mailman/listinfo/virtio-fs
>
> _______________________________________________
> Virtio-fs mailing list
> Virtio-fs@redhat.com
> https://www.redhat.com/mailman/listinfo/virtio-fs
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Vivek Goyal, 2020/06/18
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7),
Dr. David Alan Gilbert <=
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Vivek Goyal, 2020/06/18
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Dr. David Alan Gilbert, 2020/06/19
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Daniel P . Berrangé, 2020/06/19
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Dr. David Alan Gilbert, 2020/06/19
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Daniel P . Berrangé, 2020/06/19
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Vivek Goyal, 2020/06/19
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Vivek Goyal, 2020/06/19
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Dr. David Alan Gilbert, 2020/06/26
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Vivek Goyal, 2020/06/19
- Re: [Virtio-fs] [PATCH 0/2] virtiofsd: drop Linux capabilities(7), Dr. David Alan Gilbert, 2020/06/19