Re: [PATCH -mm 5/7] add user namespace

On Jul 14, 2006, at 13:05:23, Serge E. Hallyn wrote:

Quoting Eric W. Biederman ([email protected]):
Capabilities have always fitted badly in with the normal unixpermissions.
Well they're not supposed to fit in.
If we keep permchecks as uid==0 on files which invoke kernelcallbacks, then we can only say once what root is allowed to do.If we make them capability checks, then for differnet uses ofnamespaces we can have them do different things. For instance ifwe're making a separate user namespace for a checkpoint/restartpurpose, we might want root to retain more privs than if we'remaking a vserver.
Look I just have to keep responding because you keep provoking :),but I'm looking at other code and don't even know which entrieswe're talking about. If when I get to looking at them I find theyreally should be done by capabilities, I'll submit a patch and wecan argue then.

Capabilities are not a single fundamental privilege set and theydon't interact at all nicely with virtualization. If we're going todo this properly we need to divide capabilities up into differentsets applied to different objects. For example, the CAP_DAC_OVERRIDEcapability should _really_ be per (PID,vfsmount) pair, although thatwould probably be exceptionally inefficient, so as an optimization wecould make it per (PID,target_uid_ns) pair. That maps veryconveniently to the kernel keyring system, where we can make a "uid"keytype indexed by target_uid_ns and containing three things: Aprocess-manipulation UID (think euid), a file-manipulation UID (thinkfsuid), and a set of per-uid-ns capabilities. Similar mappingsshould be set up for most of the other capabilities. Normal cap_setand cap_get and capable() calls on those particular capabilitiesshould look up and modify the "uid" key associated with the current->nsproxy->uidns namespace, and extra calls should be added to modifycapabilities with respect to specific UID namespaces.


Here's a list of capabilities that should probably be in each "uid" key:
CAP_CHOWN
CAP_DAC_OVERRIDE
CAP_DAC_READ_SEARCH
CAP_FOWNER
CAP_FSETID
CAP_FS_MASK
CAP_SETGID
CAP_SETUID
CAP_LINUX_IMMUTABLE
CAP_IPC_OWNER

Cheers,
Kyle Moffett



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [PATCH -mm 5/7] add user namespace
  - From: "Serge E. Hallyn" <[email protected]>

References:
- Re: [PATCH -mm 5/7] add user namespace
  - From: "Serge E. Hallyn" <[email protected]>
- Re: [PATCH -mm 5/7] add user namespace
  - From: [email protected] (Eric W. Biederman)
- Re: [PATCH -mm 5/7] add user namespace
  - From: Dave Hansen <[email protected]>
- Re: [PATCH -mm 5/7] add user namespace
  - From: [email protected] (Eric W. Biederman)
- Re: [PATCH -mm 5/7] add user namespace
  - From: Dave Hansen <[email protected]>
- Re: [PATCH -mm 5/7] add user namespace
  - From: [email protected] (Eric W. Biederman)
- Re: [PATCH -mm 5/7] add user namespace
  - From: Dave Hansen <[email protected]>
- Re: [PATCH -mm 5/7] add user namespace
  - From: [email protected] (Eric W. Biederman)
- Re: [PATCH -mm 5/7] add user namespace
  - From: "Serge E. Hallyn" <[email protected]>
- Re: [PATCH -mm 5/7] add user namespace
  - From: [email protected] (Eric W. Biederman)
- Re: [PATCH -mm 5/7] add user namespace
  - From: "Serge E. Hallyn" <[email protected]>

Prev by Date: Re: [PATCH] reiserfs: fix handling of device names with /'s in them
Next by Date: Re: [PATCH -mm 5/7] add user namespace
Previous by thread: Re: [PATCH -mm 5/7] add user namespace
Next by thread: Re: [PATCH -mm 5/7] add user namespace
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]