Date: Wed, 27 Jan 2021 20:34:30 +0100
From: Manuel Bouyer
To: Ian Jackson
Cc: Roger Pau Monné, George Dunlap, xen-devel@lists.xenproject.org, Wei Liu, Anthony PERARD
Subject: Re: [PATCH] libs/light: make it build without setresuid()
Message-ID: <20210127193430.GB26055@mail.soc.lip6.fr>

On Wed, Jan 27, 2021 at 04:03:04PM +0000, Ian Jackson wrote:
> Ian Jackson writes ("Re: [PATCH] libs/light: make it build without setresuid()"):
> > Manuel Bouyer writes ("Re: [PATCH] libs/light: make it build without setresuid()"):
> > > On Wed, Jan 20, 2021 at 05:10:36PM +0000, Ian Jackson wrote:
> > > > My last mail had in it a thing that claims to be a proof that this is
> > > > not possible.
> > >
> > > This code:
> ...
> > > actually works on NetBSD. processes from 375 are killed, and the
> > > seteuid(0) call succeeds (showing that the saved user id is still 0).
> >
> > I guess I must have been wrong.
> > >
> > > What do you think ?
> > >
> > > As this is supported by Xen, I hope I can make at last run qemu with a
> > > non-zero uid.
> >
> > The logic for deciding what user to run qemu as, and whether to kill
> > by uid or by pid, is in libxl_dm.c, in the function
> > libxl__domain_get_device_model_uid.
> >
> > The dm_restrict flag turns on various other things too.
>
> I think I have lost track of where we are with this patch. I would
> like to see all this properly sorted in Xen 4.15.
>
> How about I write a patch splitting the relevant part up into a
> version for systems with setresuid and systems without ? Then you
> could fill in the missing part.

Yesterday I sent a v2 with the rewriting you suggested. But I'm fine with you
doing the rewrite.

>
> Should I expect the non-setresuid OS to provide effectively the whole
> of kill_device_model_uid_child, or just a replacement for the
> setresuid call and surrounding logging, something like
> kill_device_model_uid_child_setresuid

As far as I'm concerned, kill_device_model_uid_child_setresuid() is enough.

Unfortunately I don't think I'll have time to work on dm restriction for
NetBSD before 4.15

-- 
Manuel Bouyer
     NetBSD: 26 years of experience will always make the difference