Re: Dilemma using ostree as regular user, losing permission bits

From: Colin Walters <walters verbum org>
To: Tristan Van Berkom <tristan vanberkom codethink co uk>, ostree-list gnome org
Subject: Re: Dilemma using ostree as regular user, losing permission bits
Date: Thu, 08 Jun 2017 13:08:20 -0400

On Thu, Jun 8, 2017, at 07:21 AM, Tristan Van Berkom wrote:


Related to the following, I have one question: is there currently any
way in the OSTree public API to read the real uids/gids and file
attributes of an entire tree, without actually checking out the tree ?


Yep, see the source code to `ostree ls`.

As I understand it, running the `mkfs -d` with the LD_PRELOAD in place
will simply cause mkfs to create a filesystem image with the intended
file attributes instead of the ones really on the rootfs.


Ah.  Well, indeed, one approach would be to create a copy of `mkfs`
which linked to libostree.   It'd probably need to be a build-time option
upstream for e2fsprogs?  

This approach in general is going to be limited because not every mkfs
supports -d (notably, xfs doesn't seem to).

Probably the most sustainable solution is something like a program
that links to both libostree and:
https://lwn.net/Articles/662953/
However, I don't know the status of LKL.

I may be wrong but I think the guest mount with libguestfs will still
have the same security concern of owning setuid binaries, however
guestfish will allow you to script the filesys modifications without
ever exposing a mount (I started down this road a couple months ago but
found that producing libguestfs from scratch, without "being a distro"
required too much effort in the short term at least, but I very much
like the model).


One major problem with libguestfs for us was
https://bugzilla.redhat.com/show_bug.cgi?id=1060423
That might not apply to you though if you're not building SELinux-enabled
systems.

Big picture I'm unlikely to actively work on any near-term improvements here
myself, since what we have with Anaconda works.  But I'd definitely review
any patches to libostree and happy to talk architecture.
(Maybe we should have an "image building guide" in libostree with links tips&tricks?)

That said, assuming we have API to read what the attributes are as a
regular user, without needing to checkout; there are surely a hand full
of tricks we can play indeed.


Indeed, you do (it's `ostree_repo_read_commit()`).  It even works
for `archive` repos, although if you're going to be doing a lot of reading/writing
I think it makes sense to use a bare-user working repo, and only export
to archive when complete.

References:
- Dilemma using ostree as regular user, losing permission bits
  - From: Tristan Van Berkom
- Re: Dilemma using ostree as regular user, losing permission bits
  - From: Colin Walters
- Re: Dilemma using ostree as regular user, losing permission bits
  - From: Tristan Van Berkom
- Re: Dilemma using ostree as regular user, losing permission bits
  - From: Tristan Van Berkom
- Re: Dilemma using ostree as regular user, losing permission bits
  - From: Colin Walters
- Re: Dilemma using ostree as regular user, losing permission bits
  - From: Tristan Van Berkom

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]