From: Kamezawa Hiroyuki <kamezawa.hiroyu-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
To: "Eric W. Biederman"
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>,
Ian Kent <raven-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
Cc: linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Stanislav Kinsbursky
<skinsbursky-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org>,
Jeff Layton <jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
Greg KH
<gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org>,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
Oleg Nesterov <oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
bfields-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org,
bharrosh-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org,
linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org
Subject: Re: call_usermodehelper in containers
Date: Fri, 19 Feb 2016 12:08:04 +0900 [thread overview]
Message-ID: <56C68714.2000900@jp.fujitsu.com> (raw)
In-Reply-To: <87r3g9ychc.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
On 2016/02/19 5:45, Eric W. Biederman wrote:
> Personally I am a fan of the don't be clever and capture a kernel thread
> approach as it is very easy to see you what if any exploitation
> opportunities there are. The justifications for something more clever
> is trickier. Of course we do something that from this perspective would
> be considered ``clever'' today with kthreadd and user mode helpers.
>
I read old discussion....let me allow clarification to create a helper kernel thread
to run usermodehelper with using kthreadd.
0) define a trigger to create an independent usermodehelper environment for a container.
Option A) at creating some namespace (pid, uid, etc...)
Option B) at creating a new nsproxy
Option C).at a new systemcall is called or some sysctl, make_private_usermode_helper() or some,
It's expected this should be triggered by init process of a container with some capability.
And scope of the effect should be defined. pid namespace ? nsporxy ? or new namespace ?
1) create a helper thread.
task = kthread_create(kthread_work_fn, ?, ?, "usermodehelper")
switch task's nsproxy to current.(swtich_task_namespaces())
switch task's cgroups to current (cgroup_attach_task_all())
switch task's cred to current.
copy task's capability from current
(and any other ?)
wake_up_process()
And create a link between kthread_wq and container.
2) modify call_usermodehelper() to use kthread_worker
....
It seems the problem is which object container private user mode helper should be tied to.
Regards,
-Kame
WARNING: multiple messages have this Message-ID (diff)
From: Kamezawa Hiroyuki <kamezawa.hiroyu@jp.fujitsu.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>, Ian Kent <raven@themaw.net>
Cc: Oleg Nesterov <oleg@redhat.com>,
Stanislav Kinsbursky <skinsbursky@parallels.com>,
Jeff Layton <jlayton@redhat.com>,
Greg KH <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-nfs@vger.kernel.org, devel@openvz.org,
bfields@fieldses.org, bharrosh@panasas.com,
Linux Containers <containers@lists.linux-foundation.org>
Subject: Re: call_usermodehelper in containers
Date: Fri, 19 Feb 2016 12:08:04 +0900 [thread overview]
Message-ID: <56C68714.2000900@jp.fujitsu.com> (raw)
In-Reply-To: <87r3g9ychc.fsf@x220.int.ebiederm.org>
On 2016/02/19 5:45, Eric W. Biederman wrote:
> Personally I am a fan of the don't be clever and capture a kernel thread
> approach as it is very easy to see you what if any exploitation
> opportunities there are. The justifications for something more clever
> is trickier. Of course we do something that from this perspective would
> be considered ``clever'' today with kthreadd and user mode helpers.
>
I read old discussion....let me allow clarification to create a helper kernel thread
to run usermodehelper with using kthreadd.
0) define a trigger to create an independent usermodehelper environment for a container.
Option A) at creating some namespace (pid, uid, etc...)
Option B) at creating a new nsproxy
Option C).at a new systemcall is called or some sysctl, make_private_usermode_helper() or some,
It's expected this should be triggered by init process of a container with some capability.
And scope of the effect should be defined. pid namespace ? nsporxy ? or new namespace ?
1) create a helper thread.
task = kthread_create(kthread_work_fn, ?, ?, "usermodehelper")
switch task's nsproxy to current.(swtich_task_namespaces())
switch task's cgroups to current (cgroup_attach_task_all())
switch task's cred to current.
copy task's capability from current
(and any other ?)
wake_up_process()
And create a link between kthread_wq and container.
2) modify call_usermodehelper() to use kthread_worker
....
It seems the problem is which object container private user mode helper should be tied to.
Regards,
-Kame
next prev parent reply other threads:[~2016-02-19 3:08 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-11 12:18 call_usermodehelper in containers Jeff Layton
2013-11-11 12:43 ` [Devel] " Vasily Kulikov
2013-11-11 13:26 ` Jeff Layton
2013-11-12 0:47 ` Greg KH
2013-11-12 11:12 ` Jeff Layton
2013-11-12 13:02 ` Stanislav Kinsbursky
2013-11-12 13:30 ` Jeff Layton
2013-11-15 5:05 ` Eric W. Biederman
2013-11-15 10:40 ` Stanislav Kinsbursky
2013-11-15 11:03 ` Eric W. Biederman
2013-11-15 11:54 ` Stanislav Kinsbursky
2016-02-12 23:39 ` Ian Kent
2016-02-13 16:08 ` Stanislav Kinsburskiy
2016-02-15 0:11 ` Ian Kent
[not found] ` <1455495082.2941.32.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-18 3:17 ` Eric W. Biederman
2016-02-18 3:17 ` Eric W. Biederman
2013-11-18 17:28 ` Oleg Nesterov
2013-11-18 18:02 ` Oleg Nesterov
2013-11-19 14:51 ` Jeff Layton
2016-02-11 0:17 ` Ian Kent
[not found] ` <1455149857.2903.9.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-18 2:57 ` Eric W. Biederman
2016-02-18 2:57 ` Eric W. Biederman
[not found] ` <8737sq4teb.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-02-18 3:43 ` Kamezawa Hiroyuki
2016-02-18 3:43 ` Kamezawa Hiroyuki
2016-02-18 6:36 ` Ian Kent
2016-02-18 7:37 ` Ian Kent
[not found] ` <1455781033.2908.5.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-18 20:45 ` Eric W. Biederman
2016-02-18 20:45 ` Eric W. Biederman
[not found] ` <87r3g9ychc.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>
2016-02-19 3:08 ` Kamezawa Hiroyuki [this message]
2016-02-19 3:08 ` Kamezawa Hiroyuki
[not found] ` <56C68714.2000900-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2016-02-19 5:37 ` Ian Kent
2016-02-19 5:37 ` Ian Kent
[not found] ` <1455860260.3356.31.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-19 9:30 ` Kamezawa Hiroyuki
2016-02-19 9:30 ` Kamezawa Hiroyuki
[not found] ` <56C6E0A8.3010806-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2016-02-20 3:28 ` Ian Kent
2016-02-20 3:28 ` Ian Kent
2016-02-19 5:14 ` Ian Kent
2016-02-19 5:14 ` Ian Kent
2016-02-23 2:55 ` Ian Kent
[not found] ` <1456196130.2911.10.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-23 14:36 ` J. Bruce Fields
2016-02-23 14:36 ` J. Bruce Fields
[not found] ` <20160223143627.GB31951-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org>
2016-02-24 0:55 ` Ian Kent
2016-02-24 0:55 ` Ian Kent
[not found] ` <1455858850.3356.19.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-23 2:55 ` Ian Kent
[not found] ` <1455777387.3188.24.camel-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org>
2016-02-18 7:37 ` Ian Kent
[not found] ` <56C53DE3.1070108-+CUm20s59erQFUHtdCDX3A@public.gmane.org>
2016-02-18 6:36 ` Ian Kent
2016-03-24 7:45 ` Ian Kent
2016-03-25 1:28 ` Oleg Nesterov
2016-03-25 7:25 ` Ian Kent
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=56C68714.2000900@jp.fujitsu.com \
--to=kamezawa.hiroyu-+cum20s59erqfuhtdcdx3a@public.gmane.org \
--cc=bfields-uC3wQj2KruNg9hUCZPvPmw@public.gmane.org \
--cc=bharrosh-C4P08NqkoRlBDgjK7y7TUQ@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=devel-GEFAQzZX7r8dnm+yROfE0A@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=gregkh-hQyY1W1yCW8ekmWlsbkhG0B+6BGkLq7r@public.gmane.org \
--cc=jlayton-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-nfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=oleg-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=raven-PKsaG3nR2I+sTnJN9+BGXg@public.gmane.org \
--cc=skinsbursky-bzQdu9zFT3WakBO8gow8eQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.