Re: [libvirt] [lxc-devel] capset fails with userns

Wednesday, 26 February 2014

Quoting Stephan Sachse (ste.sachse(a)gmail.com):
...
 > Look at security/commoncap.c:cap_inode_setxattr()
 >
 > Whereas file ownership is properly namespaced, and task capabilities
 > are properly namespaced, file capabilities are more problematic.  To
 > support this, I think we'd need a new capability xattr format.  If we
 > add the kuid_t of the user_namespace root id, I think we could safely
 > support this.

 sorry for this :) but i'm not a kernel/c programmer. 
No no, thanks for raising the issue, and thanks for having sent a patch!

...
 maybe there must be more then one cap set per file.

 security.capability for the init_ns
 security.capability.{kuid_t} for the userns

 the name of the xattr must be transparently mapped.

 in userns for get*() if there is no security.capability.{kuid_t} use
 the security.capability. but never write to security.capability always
 to security.capability.{kuid_t}

 or the format of security.capability must be changed to support more
 then one set of caps. every capability set must be associated with a
 kuid_t. 
To avoid impacting the performance of the host case, we could
keep the current XATTR_NAME_CAPS format in init_user_ns, and
add a new XATTR_NAME_CAPS_V2 which adds the kuid_t.

...
 back to line one of my mail: i'm not a kernel/c programmer
:'( 
This frankly looks like fun, but I won't have time to work on this
this week.  If anyone else does, I'll happily look at the patches.

thanks,
-serge

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005