Date: Fri, 9 Sep 2022 09:13:55 -0400
From: bfields@fieldses.org (J. Bruce Fields)
To: Theodore Ts'o
Cc: Chuck Lever III, battery dude, Linux NFS Mailing List, linux-fsdevel, "linux-security-module@vger.kernel.org", "selinux@vger.kernel.org"
Subject: Re: Does NFS support Linux Capabilities
Message-ID: <20220909131355.GA5674@fieldses.org>

On Fri, Sep 09, 2022 at 05:23:46AM -0400, Theodore Ts'o wrote:
> On Thu, Sep 08, 2022 at 08:24:02PM +0000, Chuck Lever III wrote:
> > Given these enormous challenges, who would be willing to pay for
> > standardization and implementation? I'm not saying it can't or
> > shouldn't be done, just that it would be a mighty heavy lift.
> > But maybe other folks on the Cc: list have ideas that could
> > make this easier than I believe it to be.
>
> ... and this is why the C2 by '92 initiative was doomed to failure,
> and why Posix.1e never completed the standardization process. :-)
>
> Honestly, capabilities are super coarse-grained, and I'm not sure they
> are all that useful if we were to create blank slate requirements for a
> modern high-security system. So I'm not convinced the costs are
> sufficient to balance the benefits.

I seem to recall the immediate practical problem people have hit is that
some rpms will fail if it can't set file capabilities. So in practice
NFS may not work any more for root filesystems. Maybe there's some
workaround.

Taking a quick look at my laptop, there's not as many as I expected:

	[root@parkour bfields]# getcap -r /usr
	/usr/bin/arping cap_net_raw=p
	/usr/bin/clockdiff cap_net_raw=p
	/usr/bin/dumpcap cap_net_admin,cap_net_raw=ep
	/usr/bin/newgidmap cap_setgid=ep
	/usr/bin/newuidmap cap_setuid=ep
	/usr/sbin/mtr-packet cap_net_raw=ep
	/usr/sbin/suexec cap_setgid,cap_setuid=ep

--b.
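
Added example (not part of the original message): a Python sketch that turns `getcap -r` output like the listing above into an inventory of which binaries depend on which file capability, which is the list to check before moving a root filesystem onto storage that cannot hold them. The sample input is constructed from the lines quoted above plus one line in the older libcap `path = caps+flags` layout; the function names are illustrative, and `=` and `+` are treated alike, which holds for single-clause lines such as these.

```python
import re
from collections import defaultdict

# Constructed sample: the getcap lines from the message plus one old-style line.
SAMPLE = """\
/usr/bin/arping cap_net_raw=p
/usr/bin/clockdiff cap_net_raw=p
/usr/bin/dumpcap cap_net_admin,cap_net_raw=ep
/usr/bin/newgidmap cap_setgid=ep
/usr/bin/newuidmap cap_setuid=ep
/usr/sbin/mtr-packet cap_net_raw=ep
/usr/sbin/suexec cap_setgid,cap_setuid=ep
/usr/bin/ping = cap_net_raw+ep
"""

# One clause of libcap's text form: capability list, "=" or "+", then flags.
CLAUSE = re.compile(r"^(cap_[a-z0-9_]+(?:,cap_[a-z0-9_]+)*)[=+]([eip]+)$")

def parse_getcap(text):
    """Return {path: {capability: set of flags}} from `getcap -r` output."""
    inventory = {}
    for line in text.splitlines():
        fields = line.split()
        clauses = []
        # Clauses sit at the end of the line; peel them off right to left.
        while fields and CLAUSE.match(fields[-1]):
            clauses.append(CLAUSE.match(fields.pop()))
        if fields and fields[-1] == "=":   # older libcap separator
            fields.pop()
        if not clauses or not fields:
            continue                       # not a capability line
        caps = defaultdict(set)
        for m in clauses:
            for cap in m.group(1).split(","):
                caps[cap] |= set(m.group(2))
        inventory[" ".join(fields)] = dict(caps)
    return inventory

def by_capability(inventory):
    """Group paths by capability to see what depends on each one."""
    grouped = defaultdict(list)
    for path, caps in sorted(inventory.items()):
        for cap in caps:
            grouped[cap].append(path)
    return dict(grouped)

def permitted_only(inventory):
    """Paths whose capabilities have no effective flag set."""
    return sorted(p for p, c in inventory.items() if all("e" not in f for f in c.values()))
```

On a live system, feed `parse_getcap` the captured output of `getcap -r` for the tree in question instead of `SAMPLE`.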