linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: ebiederm@xmission.com (Eric W. Biederman)
To: Mike Hearn <mike@plan99.net>
Cc: linux-kernel@vger.kernel.org, akpm@osdl.org
Subject: Re: [PATCH] Add a /proc/self/exedir link
Date: Wed, 05 Apr 2006 14:39:16 -0600	[thread overview]
Message-ID: <m1fykr3ggb.fsf@ebiederm.dsl.xmission.com> (raw)
In-Reply-To: <4431A93A.2010702@plan99.net> (Mike Hearn's message of "Tue, 04 Apr 2006 00:01:14 +0100")

Mike Hearn <mike@plan99.net> writes:

> Alright, Andrew Morton indicated that he liked this patch but the idea needed
> discussion and mindshare. I asked Con Kolivas if it made sense to go in his
> desktop patchset for people to try: he said he liked it too but it's not his
> area, and that it should be discussed here.
>
> To clarify, I'm proposing this patch for eventual mainline inclusion.
>
> It adds a simple bit of API - a symlink in /proc/pid - which makes it easy to
> build relocatable software:
>
>    ./configure --prefix=/proc/self/exedir/..
>
> This is useful for a variety of purposes:
>
> * Distributing programs that are runnable from CD or USB key (useful for
>    Linux magazine cover disks)
>
> * Binary packages that can be installed anywhere, for instance, to your
>    home directory
>
> * Network admins can more easily place programs on network mounts
>
> I'm sure you can think of others. You can patch software to be relocatable
> today, but it's awkward and error prone. A simple patch can allow us to get it
> "for free" on any UNIX software that uses the idiomatic autotools build system.
>
> So .... does anybody have any objections to this? Would you like to see it go
> in? Speak now or forever hold your peace! :)

You patch needs to move proc_exedir_link into base.c instead
of replicating it twice (that is a maintenance problem).

I think if we can fix namespaces you don't have to be root to use
them that is a superioir approach, and will cover more cases.

I have concerns about security policy in this case because a proc
symlink is not a symlink.  So if you chmod an intermediate directory
in your prefix to 000 you will still be able to access it.

I'm not at all certain I like applications depending on the fact
that I have procfs mounted on /proc.  It's bad enough that system
libraries are beginning to care.   This means I can not run any of
your relocatable executalbes in a chroot environment unless I mount
proc.

If we add this it will never be removed from /proc, so we should
be certain we want this.

Given how long we have been without this I doubt many people actually
care, or their software would be written so it was relocatable from
day one.

I'm not certain the directory of an inode even makes sense, and
that is what you are asking for us to export.

Eric

  parent reply	other threads:[~2006-04-05 20:40 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-04-03 23:01 [PATCH] Add a /proc/self/exedir link Mike Hearn
2006-04-03 23:26 ` Joshua Hudson
2006-04-03 23:30 ` Neil Brown
2006-04-04 15:54 ` Jan Engelhardt
2006-04-04 21:24   ` Nix
2006-04-05 20:39 ` Eric W. Biederman [this message]
2006-04-05 21:52   ` Mike Hearn
2006-04-06 23:33     ` Tony Luck
2006-04-07  7:52       ` Neil Brown
2006-04-07  9:15         ` Andreas Schwab
2006-04-07 19:10           ` Eric W. Biederman
2006-04-08  8:26           ` Jan Engelhardt
     [not found] <5XGlt-GY-23@gated-at.bofh.it>
     [not found] ` <5XGOz-1eP-35@gated-at.bofh.it>
2006-04-06 11:39   ` Bodo Eggert
2006-04-06 13:21     ` Mike Hearn
2006-04-06 17:02       ` Bodo Eggert
2006-04-06 19:36         ` Mike Hearn
2006-04-07 18:40           ` Eric W. Biederman
2006-04-07 19:22             ` Mike Hearn

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m1fykr3ggb.fsf@ebiederm.dsl.xmission.com \
    --to=ebiederm@xmission.com \
    --cc=akpm@osdl.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=mike@plan99.net \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).