From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 779605A005E for ; Tue, 11 Oct 2022 07:40:26 +0200 (CEST)
Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4Mml446Mfwz4xGR; Tue, 11 Oct 2022 16:40:20 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1665466820; bh=6D9uG6mQFDkWub4IcvnR1dazqV6to3Ild7VD5Syvq1w=; h=From:To:Cc:Subject:Date:From; b=NrL96wDAYaWgr3BgmL1EJ+ybrLnxdctsA1D9zXohcJcA1OlkEEUvyGsX++TP5ofdY73p0Xu8O4+2fuNJI06CyGFH+8FoVgfR0c9rVnORzPpxzIUltMixq15mMx6hjp2gICTBjcL6+Kfl+lW+MPSQmz2458fBL1kDU0+NnAZfwxs=
From: David Gibson
To: Stefano Brivio
Cc: passt-dev@passt.top, David Gibson
Subject: [PATCH 00/10] Fixes and cleanups for capability handling
Date: Tue, 11 Oct 2022 16:40:08 +1100
Message-Id: <20221011054018.1449506-1-david@gibson.dropbear.id.au>
X-Mailer: git-send-email 2.37.3
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Message-ID-Hash: QIAZOUQECMCZAVPFWDAQFSVACROJQ5AZ
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Version: 3.3.3
Precedence: list
List-Id: Development discussion and patches for passt

Our current handling of capabilities isn't quite right. In particular,
drop_caps() attempts to remove capabilities from the bounding set, which
usually won't work, and even if it does won't have the effect we want.

This series corrects that, as well as making some other fixes and
cleanups in adjacent code.
David Gibson (10):
  test: Move slower tests to end of test run
  pasta: More general way of starting spawned shell as a login shell
  pasta_start_ns() always ends in parent context
  Remove unhelpful drop_caps() call in pasta_start_ns()
  Clarify various self-isolation steps
  Replace FWRITE with a function
  isolation: Replace drop_caps() with a version that actually does something
  isolation: Prevent any child processes gaining capabilities
  isolation: Only configure UID/GID mappings in userns when spawning shell
  Rename pasta_setup_ns() to pasta_spawn_cmd()

 conf.c      |   3 +-
 isolation.c | 199 ++++++++++++++++++++++++++++++++++++++++++++++------
 isolation.h |   6 +-
 passt.c     |   8 +--
 pasta.c     |  72 +++++++++++--------
 pasta.h     |   3 +-
 test/run    |  20 +++---
 util.c      |  33 +++++++++
 util.h      |  13 +---

 9 files changed, 275 insertions(+), 82 deletions(-)

-- 
2.37.3
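Added example, not code from passt or from the patches in this series: the cover letter points out that dropping capabilities from the bounding set needs privilege the process usually lacks (CAP_SETPCAP) and, even when it succeeds, only limits what a later execve() may grant, leaving the current effective set untouched. The program below puts that call next to what does remove privilege from the running thread, clearing the effective, permitted and inheritable sets with capset(2), and then sets PR_SET_NO_NEW_PRIVS so that no descendant can regain capabilities through set-user-ID binaries or file capabilities. The function names (drop_from_bounding_set, drop_all_caps, forbid_new_privs, isolate_self), the result struct and the choice of CAP_SYS_ADMIN as the probe capability are this example's own; how the series implements isolation in isolation.c is not shown here.

```c
/* Added example: Linux capability dropping done two ways.  Not passt code;
 * function names and the isolation_result struct are this example's own. */
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <linux/capability.h>

/* Read one Cap* line of /proc/self/status (e.g. "CapEff:\t0000...") as a
 * 64-bit mask.  Returns 0 on success, -1 if the field was not found. */
static int read_cap_field(const char *name, unsigned long long *out)
{
    FILE *f = fopen("/proc/self/status", "r");
    char line[256];
    size_t n = strlen(name);

    if (!f)
        return -1;
    while (fgets(line, sizeof(line), f)) {
        if (strncmp(line, name, n) == 0 && line[n] == ':') {
            *out = strtoull(line + n + 1, NULL, 16);
            fclose(f);
            return 0;
        }
    }
    fclose(f);
    return -1;
}

/* The approach the cover letter criticises.  PR_CAPBSET_DROP requires
 * CAP_SETPCAP, so an unprivileged process gets -EPERM; and even when it
 * works it only stops execve() from granting the capability later.  The
 * caller's own effective set is unchanged.  Returns 0 or -errno. */
static int drop_from_bounding_set(int cap)
{
    if (prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) < 0)
        return -errno;
    return 0;
}

/* What actually removes privilege now: clear the effective, permitted and
 * inheritable sets via capset(2).  A thread may always shrink its own sets,
 * so this needs no privilege.  The ambient set is cleared explicitly too
 * (the kernel also drops ambient bits when their permitted/inheritable bits
 * go).  Returns 0 or -errno. */
static int drop_all_caps(void)
{
    struct __user_cap_header_struct hdr = {
        .version = _LINUX_CAPABILITY_VERSION_3,
        .pid = 0,                       /* the calling thread */
    };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3];

    memset(data, 0, sizeof(data));      /* all three sets empty */

    /* EINVAL means the kernel predates ambient capabilities; nothing to do. */
    if (prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0 &&
        errno != EINVAL)
        return -errno;
    if (syscall(SYS_capset, &hdr, data) < 0)
        return -errno;
    return 0;
}

/* Forbid this thread and every descendant from gaining privilege on
 * execve() via set-user-ID/set-group-ID bits or file capabilities.  The
 * flag is inherited across fork() and execve() and cannot be cleared. */
static int forbid_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
        return -errno;
    return 0;
}

struct isolation_result {
    int bounding_rc;                  /* drop_from_bounding_set(CAP_SYS_ADMIN) */
    int capset_rc;                    /* drop_all_caps() */
    int nnp_rc;                       /* forbid_new_privs() */
    unsigned long long eff, prm, inh; /* CapEff/CapPrm/CapInh afterwards */
    int no_new_privs;                 /* PR_GET_NO_NEW_PRIVS afterwards */
};

/* Run all three steps and report the resulting state.  Safe to call more
 * than once: every step is idempotent. */
static struct isolation_result isolate_self(void)
{
    struct isolation_result r;

    memset(&r, 0, sizeof(r));
    r.eff = r.prm = r.inh = ~0ULL;    /* sentinel: a failed read stays nonzero */
    r.bounding_rc = drop_from_bounding_set(CAP_SYS_ADMIN);
    r.capset_rc = drop_all_caps();
    r.nnp_rc = forbid_new_privs();
    read_cap_field("CapEff", &r.eff);
    read_cap_field("CapPrm", &r.prm);
    read_cap_field("CapInh", &r.inh);
    r.no_new_privs = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
    return r;
}

int main(void)
{
    struct isolation_result r = isolate_self();

    printf("PR_CAPBSET_DROP(CAP_SYS_ADMIN): %s\n",
           r.bounding_rc ? strerror(-r.bounding_rc) : "ok");
    printf("capset(all sets empty):         %s\n",
           r.capset_rc ? strerror(-r.capset_rc) : "ok");
    printf("CapEff=%016llx CapPrm=%016llx CapInh=%016llx NoNewPrivs=%d\n",
           r.eff, r.prm, r.inh, r.no_new_privs);
    return 0;
}
```

Run it as an ordinary user and the bounding-set drop reports "Operation not permitted" while capset succeeds and CapEff/CapPrm/CapInh all read as zero; run it with full capabilities and the bounding-set drop succeeds, yet it is still the capset step that empties the sets. In both cases NoNewPrivs ends at 1, which is the property the "prevent any child processes gaining capabilities" patch title refers to.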