Re: [LSF TOPIC] beyond uidmapping, & towards a better security model

From: Matthew Wilcox
Date: Tue Feb 20 2024 - 20:23:08 EST


On Tue, Feb 20, 2024 at 07:25:58PM -0500, Kent Overstreet wrote:
> But there's real advantages to getting rid of the string <-> integer
> identifier mapping and plumbing strings all the way through:
>
> - creating a new sub-user can be done with nothing more than the new
> username version of setuid(); IOW, we can start a new named subuser
> for e.g. firefox without mucking with _any_ system state or tables
>
> - sharing filesystems between machines is always a pita because
> usernames might be the same but uids never are - let's kill that off,
> please

I feel like we need a bit of a survey of filesystems to see what is
already supported and what are desirable properties. Block filesystems
are one thing, but network filesystems have been dealing with crap like
this for decades. I don't have a good handle on who supports what at
this point.

As far as usernames being the same ... well, maybe. I've been willy,
mrw103, wilma (twice!), mawilc01 and probably a bunch of others I don't
remember. I don't think we'll ever get away from having a mapping
between different naming authorities.