Date: Thu, 18 Mar 2021 19:40:37 +0100
From: Christian Brauner
To: Amir Goldstein
Cc: Jan Kara, Matthew Bobrowski, linux-fsdevel, Linux API
Subject: Re: [PATCH v2 0/2] unprivileged fanotify listener
Message-ID: <20210318184037.k7y3nrk3naktuwvl@wittgenstein>
References: <20210304112921.3996419-1-amir73il@gmail.com> <20210316155524.GD23532@quack2.suse.cz> <20210317114207.GB2541@quack2.suse.cz> <20210318154413.GA21462@quack2.suse.cz>

On Thu, Mar 18, 2021 at 07:07:00PM +0200, Amir Goldstein wrote:
> > > That may change when systemd home dirs feature starts to use idmapped
> > > mounts. Being able to watch the user's entire home directory is a big
> > > win already.
> >
> > Do you mean that home directory would be an extra mount with userns in
> > which the user has CAP_SYS_ADMIN so he'd be able to watch subtrees on that
> > mount?
> >
>
> That is what I meant.
> My understanding of the systemd-homed use case for idmapped mounts is
> that the user has CAP_SYS_ADMIN in the mapped userns, but I may be wrong.

systemd can simply create a new userns with the uid/gid of the target user,
effectively delegating it (that's independent of actually writing a uid/gid
mapping for the userns, which will be done with privileges), and then attach
it to that mount for the user.

Lennart's and my idea there so far has been that the creation would likely
be done by the user's session at login time

brauner 1346 0.0 0.0 20956 8512 ? Ss Mar03 0:03 /lib/systemd/systemd --user

and systemd as root would then take care of writing the mapping to the
userns and then attaching it to the mount.
(I'll see Lennart in the next few days and see what works best, and once
we're ready start a discussion somewhere on a public list, I would suggest.)

(If systemd doesn't want a user to be able to monitor a mnt it can simply
create a userns with a different uid/gid but with the relevant mapping.
This was what my earlier point was about "blocking a user from creating a
subtree watch".)

Christian
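The delegation flow Christian sketches above (the user's session creates the userns, root writes the mapping and then attaches the userns to the mount), as an added C example that is not part of this thread and not systemd's code. It drives the 5.12 open_tree/mount_setattr/move_mount interface through raw syscall numbers; the pid, uid/gid values and paths a caller passes in are constructed, and the verifier-facing helpers only format and fail cleanly without privileges.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
/* Kernel ABI values from linux/mount.h and linux/fcntl.h, spelled out (and
 * prefixed) so this builds against pre-5.12 userspace headers. */
#define NR_OPEN_TREE 428
#define NR_MOVE_MOUNT 429
#define NR_MOUNT_SETATTR 442
#define X_OPEN_TREE_CLONE 1            /* OPEN_TREE_CLONE */
#define X_AT_RECURSIVE 0x8000          /* AT_RECURSIVE */
#define X_MOVE_MOUNT_F_EMPTY_PATH 4    /* MOVE_MOUNT_F_EMPTY_PATH */
#define X_MOUNT_ATTR_IDMAP 0x00100000ULL
struct x_mount_attr { uint64_t attr_set, attr_clr, propagation, userns_fd; };
/* Step 1 is unprivileged and runs in the user's session: unshare(CLONE_NEWUSER).
 * The kernel records the caller's uid/gid as owner of the new userns, so the user
 * holds CAP_SYS_ADMIN in it whatever mapping root writes in step 2. */

/* One "inside outside count" line for /proc/PID/{uid,gid}_map; returns its length. */
int format_idmap_line(char *buf, size_t n, unsigned inside, unsigned outside, unsigned count)
{
    return snprintf(buf, n, "%u %u %u\n", inside, outside, count);
}

/* Step 2 (root): write one mapping line into the userns created by pid. 0 or -errno. */
int write_idmap(pid_t pid, const char *map, unsigned inside, unsigned outside, unsigned count)
{
    char path[64], line[64];
    snprintf(path, sizeof path, "/proc/%d/%s", (int)pid, map); /* map: "uid_map" or "gid_map" */
    int len = format_idmap_line(line, sizeof line, inside, outside, count);
    int fd = open(path, O_WRONLY | O_CLOEXEC);
    if (fd < 0) return -errno;
    int rc = write(fd, line, len) == len ? 0 : -errno;
    close(fd);
    return rc;
}
/* Step 3 (root): clone src as a detached tree, stamp the delegated userns on it
 * (userns_fd = open("/proc/PID/ns/user")), then attach the copy at dst. 0 or -errno. */
int attach_idmapped_mount(const char *src, const char *dst, int userns_fd)
{
    int tree = syscall(NR_OPEN_TREE, AT_FDCWD, src, X_OPEN_TREE_CLONE | X_AT_RECURSIVE | O_CLOEXEC);
    if (tree < 0) return -errno;
    struct x_mount_attr attr = { .attr_set = X_MOUNT_ATTR_IDMAP, .userns_fd = (uint64_t)userns_fd };
    int rc = (syscall(NR_MOUNT_SETATTR, tree, "", AT_EMPTY_PATH, &attr, sizeof attr) < 0 ||
              syscall(NR_MOVE_MOUNT, tree, "", AT_FDCWD, dst, X_MOVE_MOUNT_F_EMPTY_PATH) < 0) ? -errno : 0;
    close(tree);
    return rc;
}
```

Whether the user can create fanotify subtree watches on the result follows from who owns the userns (step 1), not from the mapping (step 2), which is the distinction Christian draws in his last paragraph.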