[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls:
|
From: |
Thompson, David |
|
Subject: |
Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.) |
|
Date: |
Mon, 17 Aug 2015 11:25:07 -0400 |
On Mon, Aug 17, 2015 at 11:16 AM, Claes Wallin (韋嘉誠)
<address@hidden> wrote:
> On Mon, Aug 17, 2015 at 4:34 PM, Thompson, David
> <address@hidden> wrote:
>> On Mon, Aug 17, 2015 at 4:33 AM, Eric Bavier <address@hidden> wrote:
>>> On Mon, 17 Aug 2015 14:45:28 +0200
>>> Claes Wallin (韋嘉誠) <address@hidden> wrote:
>
>>>> https://www.gnu.org/software/guix/manual/guix.html#Build-Environment-Setup
>>>>
>>>> "If you are installing Guix as an unprivileged user, it is still
>>>> possible to run guix-daemon provided you pass --disable-chroot."
>>>>
>>>
>>> I have experimented with this a bit lately. It works to some extent,
>>> but I have had to apply a few patches to some package recipes. Some
>>> packages have failing tests (where presumably they would pass or be
>>> skipped in the chroot), which I have disabled for the time being just
>>> to move along.
>>
>> I think that to really make unprivileged use of Guix work acceptably,
>> we need to use the user namespaces feature first introduced in Linux
>> 3.8. This would allow unprivileged users to build software in the
>> same type of isolated environments that are used when running the
>> daemon as root.
>
>
> Working at all is acceptable to me.
>
> Do namespaces really work for non-root? That's more awesome than I
> expected. But without being able to point out how, it sounds to me
> like it could easily be a privilege escalation waiting to happen,
> unless you do it as compartmentalized as the Hurd does it ... which
> Linux won't.
Yes, user namespaces can be created by unprivileged users. The user
that created the namespace then has root in the context of the new
namespace, which allows for creating all of the other types of
namespaces. There's been some bumps along the way, such as a security
bug with groups that prompted the addition of the
/proc/<pid>/setgroups file in Linux 3.19 (I think) that has since been
backported to earlier kernel releases, the oldest I know of being
3.13. But overall, this feature is very good and using it for Guix
would allow for the unprivileged daemon to take advantage of almost
all of the isolation techniques used by the privileged daemon.
- Dave
- Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/16
- Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/16
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), Eric Bavier, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), Thompson, David, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.),
Thompson, David <=
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/17
- Re: Running guix-daemon as an unprivileged user, Ludovic Courtès, 2015/08/23
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), Eric Bavier, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/17
- Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.), 韋嘉誠, 2015/08/18
- Re: Running guix-daemon as an unprivileged user, Ludovic Courtès, 2015/08/23