Received: by 2002:a05:6a11:4021:0:0:0:0 with SMTP id ky33csp628106pxb; Wed, 15 Sep 2021 09:29:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxQPGkz7CKh9ITsX7IhXDivrjMFQup2sJ02zMSXdEVHR+cf5PVPBb/bqlrujKXk6l215/RI X-Received: by 2002:a02:7b01:: with SMTP id q1mr719639jac.81.1631723395861; Wed, 15 Sep 2021 09:29:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631723395; cv=none; d=google.com; s=arc-20160816; b=BGmM08uybiBvc03xBo07RSjZjBicSRhatNWcKBE2w1Gvj2Jfxht5xu1LkXqg7+OS32 YnCNukwSVs1yNzcoEr8H592JrgNC8oM0bkPGEaybuC7T0J9dEkGYBTiRn7SQ9e3BcoQp 3icEehScI8zlvU6pQkTjdWlb913Obn8ufdcgQ6sObiV/o7ziKgAYkAOa295BdjLYvZpO 6nuRJn40HpgW9wgIspBhhF3fG+YZjgfHDnSY7lNI3kMNI+FqM9YXBb4gfjUI5yl/un5t AJvTlfol5TmzwUzRH/ZLmhUg0PDcHO3WTXLNTq9NqQ1p2aH/t/4gPMXD0r5h+OWzcBIR ph2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:dkim-signature:date; bh=GEZO3FLIQDktkQr+n9p6aOnod9hLNtfhgJArljtkqII=; b=ziCB4aq3FVLQ7eFhiuXwnX9y9u/kq1rDmRGSUOY/7CW7lEVW/FvTCE9fxxNRGDKAys 4is+yknoWbIqy9vo53nfwBHaJwGed/HFytADtgZlt8FCOjkCvFNsnt5XjGsARk0hQNWJ XZtBkYxT3irnFGOBDua7WEG3+gzf266U7EPXvHGn1MGEWK4/bnI+ZXm+G1F1v3UvUVFV qpGlGEgfP5/VmQkVnxt2AzoTcfmxxNx/z29RjYq/4bRNXwCSN2/jZuwS5HFsyhZ1iAZw OiqUo0Q+aEvIRnuC90dkoWPO7+8oluywTy7L1AastEE2Sdqxs5D25UR9aKIBiEkHP1Ep U2yw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@t-8ch.de header.s=mail header.b=XEHY0vzq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q12si343205ilg.117.2021.09.15.09.29.41; Wed, 15 Sep 2021 09:29:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@t-8ch.de header.s=mail header.b=XEHY0vzq; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229528AbhIOQ3t (ORCPT + 99 others); Wed, 15 Sep 2021 12:29:49 -0400 Received: from todd.t-8ch.de ([159.69.126.157]:48505 "EHLO todd.t-8ch.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229465AbhIOQ3s (ORCPT ); Wed, 15 Sep 2021 12:29:48 -0400 Date: Wed, 15 Sep 2021 18:28:27 +0200 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=t-8ch.de; s=mail; t=1631723308; bh=dbAIiQiQdYvDGfliNcf8DfQWjajin51kvD7oakmxX5I=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=XEHY0vzqiTS8z12ahdrEV+NIy3YCtoKwBuoPk6FNy9X/WLW2MrgtugQlFF7NS0V8Q QrI2f6OFli2GTcui1cSK2qshRgAnaUAAGshAF0yUjPjkg2XI7n9axlvIfFP604U6uN Y54kEZzQY1KPNx8Mq+uwk1XIRFVfj9AjRDRQoGrg= From: Thomas =?utf-8?Q?Wei=C3=9Fschuh?= To: Greg KH Cc: linux-api@vger.kernel.org, linux-kernel@vger.kernel.org, Luis Chamberlain , Jessica Yu Subject: Re: [RFC] Expose request_module via syscall Message-ID: <3750b26b-f12e-4d05-b369-84e4c0ca95ee@t-8ch.de> References: <705fde50-37a6-49ed-b9c2-c9107cd88189@t-8ch.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2021-09-15T18:02+0200, Greg KH wrote: > On Wed, Sep 15, 2021 at 05:49:34PM +0200, Thomas Weißschuh wrote: > > Hi, > > > > I would like to propose a new syscall that exposes the functionality of > > request_module() to userspace. > > > > Propsed signature: request_module(char *module_name, char **args, int flags); > > Where args and flags have to be NULL and 0 for the time being. > > > > Rationale: > > > > We are using nested, privileged containers which are loading kernel modules. > > Currently we have to always pass around the contents of /lib/modules from the > > root namespace which contains the modules. > > (Also the containers need to have userspace components for moduleloading > > installed) > > > > The syscall would remove the need for this bookkeeping work. > > So you want any container to have the ability to "bust through" the > containers and load a module from the "root" of the system? Only those with CAP_SYS_MODULE. Having this capability would also allow them load the module normally when mounted in or potentially downloaded from the internet. > That feels dangerous, why not just allow a mount of /lib/modules into > the containers that you want to be able to load a module? This is what we are currently doing. But sometimes this gets forgotten at some point in the chain of nested containers/namespaces and things break. > Why are modules somehow "special" here, they are just a resource that > has to be allowed (or not) to be accessed by a container like anything > else on a filesystem. They are special insofar as they always have to match the running kernel. Which is managed by the root namespace. The biggest problems would probably arise if the root namespace has non-standard modules available which the container would normally not have access to. I think this is a big potential problem and which would not be justified by the quality of life improvement. Sorry for the noise. Thomas