Document new xattrperm flag
Marko Petrović
petrovicmarko2006 at gmail.com
Thu Apr 13 15:30:22 PDT 2023
Hello,
I am Marko Petrović. I have been using User-Mode Linux (UML) for some time
and I have noticed that in the documentation it is said that UML can boot
from hostfs however, hostfs exposes file permissions of the host to the
UML, and changing these permissions requires that the kernel has necessary
privileges on the host.
In addition to that, all files are created with the ownership of the
kernel's user and group since the kernel is performing file creation.
This creates obvious problems when a multiuser system is running inside
UML since applications cannot create files that they own and the UML
kernel forbids further access to these files. This in particular can
present problems when booting from hostfs that appears to otherwise be
supported.
One solution would be for the kernel to run with the necessary privileges
to alter file permissions and yet still access them in order to service
syscalls to UML processes and another (in my humble opinion, preferable)
solution would be to store permissions used by the UML kernel separately
from host's permissions so that the kernel can run with standard
privileges.
In hope that it will be useful, I have written a patch that adds a boot
option for hostfs for enabling the usage of extended attributes for
storing these permissions. Extended attributes seemed like the most
reasonable choice for this purpose and most Linux filesystems support
them.
I have also added a try for doing regular chown(2) on file
creation when extended attributes are disabled. If the kernel isn't
running as root, it will fall back to the old behavior.
In another patch, I provide documentation update for explaining
the usage of the new flag when booting from hostfs. I have also changed
the "find" command that was used there so that it now skips symlinks
since some symlinks point to absolute paths and that was changing
permissions on the host in unintended ways.
I am looking forward to your feedback on this work.
P.S. I apologize if there are any grammar errors in the mail as English is
not my first language. As this is my first patch, I also apologize if I
have missed any part of the patch submission procedure. For future patches
I will correct all encountered mistakes.
More information about the linux-um
mailing list