Re: Controlling devices and device namespaces

From: Eric W. Biederman
Date: Sun Sep 16 2012 - 07:56:34 EST

Next message: Eric W. Biederman: "Re: Controlling devices and device namespaces"
Previous message: Sasha Levin: "Re: [PATCH v5] hashtable: introduce a small and naive hashtable"
In reply to: Alan Cox: "Re: Controlling devices and device namespaces"
Next in thread: Eric W. Biederman: "Re: Controlling devices and device namespaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Alan Cox <alan@xxxxxxxxxxxxxxxxxxx> writes:

>> One piece of the puzzle is that we should be able to allow unprivileged
>> device node creation and access for any device on any filesystem
>> for which it unprivileged access is safe.
>
> Which devices are "safe" is policy for all interesting and useful cases,
> as are file permissions, security tags, chroot considerations and the
> like.
>
> It's a complete non starter.

There are a handful of device nodes that the kernel creates with mode
0666. Esentially it is just /dev/tty /dev/null /dev/zero and a few
others. Enourmous numbers of programs won't work without them. Making
them both interesting and useful.

In very peculiar cases I can see not wanting to have access to generally
safe devices, like in other peculiar cases we don't have want access to
the network stack.

As for the general case device nodes for real hardware in a container
which I think is the "interesting" case you were referring to. I
personally find that case icky and boring.

The sanest way I can think of handling real hardware device nodes is a
tmpfs (acting like devtmpfs) mounted on /dev in the containers mount
namespace, but also visible outside to the global root mounted somewhere
interesting. We have a fuse filesystem pretending to be sysfs and
relaying file accesses from the real sysfs for just the devices that we
want to allow to that container.

Then to add a device in a container the managing daemon makes the
devices available in the pretend sysfs, calls mknod on the tmpfs
and fakes the uevents.

The only case I don't see that truly covering is keeping the stat data
the same for files of migrated applications. Shrug perhaps that will
just have to be handled with another synthesized uevent. Hey userspace I
just hot-unplugged and hot-plugged your kernel please cope.

Eric

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Eric W. Biederman: "Re: Controlling devices and device namespaces"
Previous message: Sasha Levin: "Re: [PATCH v5] hashtable: introduce a small and naive hashtable"
In reply to: Alan Cox: "Re: Controlling devices and device namespaces"
Next in thread: Eric W. Biederman: "Re: Controlling devices and device namespaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]