Quoting Stephan Sachse (ste.sachse@xxxxxxxxx):
> > Look at security/commoncap.c:cap_inode_setxattr()
> >
> > Whereas file ownership is properly namespaced, and task capabilities
> > are properly namespaced, file capabilities are more problematic. To
> > support this, I think we'd need a new capability xattr format. If we
> > add the kuid_t of the user_namespace root id, I think we could safely
> > support this.
>
> sorry for this :) but I'm not a kernel/c programmer.

No no, thanks for raising the issue, and thanks for having sent a patch!

> maybe there must be more than one cap set per file.
>
> security.capability for the init_ns
> security.capability.{kuid_t} for the userns
>
> the name of the xattr must be transparently mapped.
>
> in userns for get*() if there is no security.capability.{kuid_t} use
> the security.capability. but never write to security.capability, always
> to security.capability.{kuid_t}
>
> or the format of security.capability must be changed to support more
> than one set of caps. every capability set must be associated with a
> kuid_t.

To avoid impacting the performance of the host case, we could keep the
current XATTR_NAME_CAPS format in init_user_ns, and add a new
XATTR_NAME_CAPS_V2 which adds the kuid_t.

> back to line one of my mail: I'm not a kernel/c programmer :'(

This frankly looks like fun, but I won't have time to work on this this
week. If anyone else does, I'll happily look at the patches.

thanks,
-serge

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
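As an added illustration of the format change discussed in the thread (this is not code from the thread or from the kernel), the parser below decodes a legacy security.capability blob and a constructed variant that appends the user-namespace root's kuid, then applies the policy that a namespaced blob is never honoured outside the namespace that wrote it. The VFS_CAP_REVISION_NS value, the 24-byte layout and the filecap_applies() policy are assumptions for this example; the revision-2 constants and 20-byte layout match linux/capability.h.

```c
#include <stddef.h>
#include <stdint.h>
/* Values as in linux/capability.h, defined locally so this builds anywhere. */
#define VFS_CAP_REVISION_MASK   0xFF000000U
#define VFS_CAP_REVISION_2      0x02000000U
#define VFS_CAP_FLAGS_EFFECTIVE 0x000001U
#define XATTR_CAPS_SZ_2         20  /* magic + 2 x {permitted, inheritable} words */
/* Constructed for this example: the "v2 plus kuid_t" layout proposed above. */
#define VFS_CAP_REVISION_NS     0x03000000U
#define XATTR_CAPS_SZ_NS        24  /* XATTR_CAPS_SZ_2 + a trailing rootid word */

struct filecap {
    uint64_t permitted, inheritable;
    int      effective;
    uint32_t rootid;   /* kuid of the namespace root that wrote the blob; 0 = init_user_ns */
};

/* The on-disk words are little-endian; read them without assuming host order. */
static uint32_t le32(const unsigned char *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode a raw capability xattr. Returns 0 on success, -1 when the length does
 * not match the revision the magic claims (a mismatch is treated as malformed,
 * never silently reinterpreted). */
int parse_filecap(const unsigned char *buf, size_t len, struct filecap *out)
{
    if (len < 4) return -1;
    uint32_t magic = le32(buf), rev = magic & VFS_CAP_REVISION_MASK;
    if (rev == VFS_CAP_REVISION_2 && len == XATTR_CAPS_SZ_2)
        out->rootid = 0;                        /* legacy: implicitly host root */
    else if (rev == VFS_CAP_REVISION_NS && len == XATTR_CAPS_SZ_NS)
        out->rootid = le32(buf + 20);
    else
        return -1;
    /* data[0] carries bits 0-31 and data[1] bits 32-63 of each set. */
    out->permitted   = (uint64_t)le32(buf + 4) | (uint64_t)le32(buf + 12) << 32;
    out->inheritable = (uint64_t)le32(buf + 8) | (uint64_t)le32(buf + 16) << 32;
    out->effective   = (magic & VFS_CAP_FLAGS_EFFECTIVE) != 0;
    return 0;
}

/* Assumed policy: a blob counts only in the namespace whose root wrote it.
 * Legacy blobs (rootid 0) are trusted everywhere, matching the "fall back to
 * security.capability" idea; a namespaced blob never grants anything on the host. */
int filecap_applies(const struct filecap *c, uint32_t ns_root_kuid)
{
    return c->rootid == 0 || c->rootid == ns_root_kuid;
}
```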