Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
From:   Chuck Lever III <chuck.lever@oracle.com>
To:     Bruce Fields <bfields@fieldses.org>
CC:     Theodore Ts'o <tytso@mit.edu>, battery dude <jyf007@gmail.com>,
        Linux NFS Mailing List <linux-nfs@vger.kernel.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        "linux-security-module@vger.kernel.org" 
        <linux-security-module@vger.kernel.org>,
        "selinux@vger.kernel.org" <selinux@vger.kernel.org>
Subject: Re: Does NFS support Linux Capabilities
Thread-Topic: Does NFS support Linux Capabilities
Thread-Index: AQHYw36p6D3ymO0jXE6pVWwFMO2Oyq3V+t+AgADZ3ACAAEBOgIAAG/CA
Date:   Fri, 9 Sep 2022 14:53:55 +0000
Message-ID: <2A4AED07-2D8C-420C-9203-A2ABE9EA81E2@oracle.com>
References: <CAMBbDaF2Ni0gMRKNeFTQwgAOPPYy7RLXYwDJyZ1edq=tfATFzw@mail.gmail.com>
 <1D8F1768-D42A-4775-9B0E-B507D5F9E51E@oracle.com> <YxsGIoFlKkpQdSDY@mit.edu>
 <20220909131355.GA5674@fieldses.org>
In-Reply-To: <20220909131355.GA5674@fieldses.org>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?v9W6GYbILKYJXD/+4M1nY/eDkr+Pl2WMx+/llh1p6JYU0KKIzhbIe27Fv+Xm?=
 =?us-ascii?Q?wWnDsg9BCdJbwsGHPytNnCbCNOMV33JRMzFJ1CfK3bR8UU8JH9baNKGI2w7S?=
 =?us-ascii?Q?32lC0m3Fqv0J2wlVWYOooShni+T/wHLVW74hH4YrDe6jJJXOqMp6KyB+Br4p?=
 =?us-ascii?Q?CbOrlKDk2naGlDY36Gma/IpcgHZC8liAgQR3RdSB3a7WupDiq5RMOlhWwvGN?=
 =?us-ascii?Q?HgHh4QQeeZYQak15rCL32VZpbI0m8LhqcPVFr4sN/iBvYtDpLsJuyIbArX8B?=
 =?us-ascii?Q?UNNMbqyrJndz4hFxsQ9jlUsFLZK2CkvovJ3mkWXIjJuKdzHrcPx0grYnguoj?=
 =?us-ascii?Q?pF2e/4AXdRiEZmMFbKmtFpYJNyHQcemXRp+diYtUEAzDgCxD9aCQNkhY+ncl?=
 =?us-ascii?Q?oDd5qQmKytaSiJtctpsP6RO3IK9u8lKU0TQ+Rnh2t/MacHABffMz7cya5LHi?=
 =?us-ascii?Q?x55QN5dbmkMVi8KV6n8X2B8wpg1EvhgMe+cDnrdoNWoIR7bM/c9ST2SnOaUX?=
 =?us-ascii?Q?TrRRMK9AWixNCqwXRpMkm5BCUDI1x3Tqj7vwRd0rNrFt9f4RZR76cf/h1iSe?=
 =?us-ascii?Q?jMqfilMitxBfk2WYDeGdF+UL5RYDxOhwd/P88xCaDxpXk5vydIWWo0SR6heJ?=
 =?us-ascii?Q?k5IrG1EOvMLx+QTmYsLU07JrqqNRX15+BttyhAuRwt9x8CWAebft3w33pdwH?=
 =?us-ascii?Q?NhUxarz+stVuj0U92ZQ1ZjkhnxDNbgAdswF4IDip8U667StizSJkhrjh20hq?=
 =?us-ascii?Q?hsk9tAqUT8CdX2KXCh0J2h3qTltxF0L8lA1pBJ+IX9+3scv7Xt8OEK/KNy7T?=
 =?us-ascii?Q?T3FJee6lxfctmF01oxJVvQxb9JHnCgBB2Khu/gpHhQewTq2tSom/2e5/9Wzy?=
 =?us-ascii?Q?qhJA+HLE8eqkP8xFkVHXP3DuhfKncILOVdW8xGA0Q2K08Mn6huihDVRvOFz9?=
 =?us-ascii?Q?KH5wF5zr1uaGp7ZTe/jQbTAiT1inEOXASOu/YsWrlRe2JHj/AJ74lpKf8RnK?=
 =?us-ascii?Q?JI1juW1ftiHbA+rVmL3wDVV2XEyyAOvPkOkdHeHeI2b6Hu7H7ZZBJQDlICls?=
 =?us-ascii?Q?7KELfQjN0vgBiUSaS091PudLJH3CUy6u6TYMs023cJCttr/8uoOnelz62zBq?=
 =?us-ascii?Q?JKGBrIenmi4B6O1G6Aq8rAj8M1807Tpz2HMU0IHAvfF29CcwZTcklEEKCjdV?=
 =?us-ascii?Q?Gwoe/eLM65XrirOVgazipJpL4N8kjzvZkOFoNSSD3ySGIkKvENxFrSqZYrFy?=
 =?us-ascii?Q?fCv2AhcpV+ZpgldQZ0RY7OUt26Z7mzV+aqigBDcbmS9JUXd5inhDF1m8q8YA?=
 =?us-ascii?Q?h9tyPNqSFV1pglPHeWos9mc5LSAt83K2K866k1QS7kLOknXxp2CSYEAcKqgf?=
 =?us-ascii?Q?BhnXnSdN4il9d8ddPrcDVLXO20UjsWLKmXsXK0ALkLDvSBlOYZdkDwjL5JXT?=
 =?us-ascii?Q?K2rVvkLo2kTuhiSfHxr4IO6OCskMdRQVpU+Fu3cHiwkY5jo/S1l/OZ3BdHVS?=
 =?us-ascii?Q?mccRY1VceONrfV4KnBNrDQPCK85OSF2xCdntLDQktmuQBvDoyhWay5LjKywH?=
 =?us-ascii?Q?QStoFAOPKVDB+i8zptkan1hiWKPJ7rRtz6k17hUdD/XRRVARoiNpa0bVnP4T?=
 =?us-ascii?Q?IA=3D=3D?=
Content-Type: text/plain; charset="us-ascii"
Content-ID: <5473F61FA5B6FC4E85A6A9F8EAA3FB3A@namprd10.prod.outlook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN0PR10MB5128.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: d6f96510-14ea-4d77-4136-08da92731e9a
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Sep 2022 14:53:55.8510
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: D6SDel5TPt9gpzEw18z4NvQuthgbtdLgwXHDycHZzFA1wYLWe/e16bc0/MfdTS619rqCRCivf+ZJWNNoeLNcTA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR10MB4334
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1
 definitions=2022-09-09_08,2022-09-09_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 mlxlogscore=999
 phishscore=0 mlxscore=0 spamscore=0 malwarescore=0 suspectscore=0
 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1
 engine=8.12.0-2207270000 definitions=main-2209090052
X-Proofpoint-GUID: BEY5naz8geP6eV-DOmS6-SNiS3ymcWoo
X-Proofpoint-ORIG-GUID: BEY5naz8geP6eV-DOmS6-SNiS3ymcWoo
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
        RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE
        autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-nfs.vger.kernel.org>
X-Mailing-List: linux-nfs@vger.kernel.org


> On Sep 9, 2022, at 9:13 AM, J. Bruce Fields <bfields@fieldses.org> wrote:
>=20
> On Fri, Sep 09, 2022 at 05:23:46AM -0400, Theodore Ts'o wrote:
>> On Thu, Sep 08, 2022 at 08:24:02PM +0000, Chuck Lever III wrote:
>>> Given these enormous challenges, who would be willing to pay for
>>> standardization and implementation? I'm not saying it can't or
>>> shouldn't be done, just that it would be a mighty heavy lift.
>>> But maybe other folks on the Cc: list have ideas that could
>>> make this easier than I believe it to be.
>>=20
>> ... and this is why the C2 by '92 initiative was doomed to failure,
>> and why Posix.1e never completed the standardization process.  :-)
>>=20
>> Honestly, capabilities are super coarse-grained, and I'm not sure they
>> are all that useful if we were create blank slate requirements for a
>> modern high-security system.  So I'm not convinced the costs are
>> sufficient to balance the benefits.
>=20
> I seem to recall the immediate practical problem people have hit is that
> some rpms will fail if it can't set file capabilities.

Indeed, that is the most common reason for a request to implement
capabilities for NFS files.


> So in practice NFS may not work any more for root filesystems.

"may not work any more" -- well let's be precise. NFS works for root,
but doesn't support distributions that require file capabilities on
certain executables. Thus it cannot be used in those cases.


> Maybe there's some workaround.

The workaround I'm familiar with is to use a local filesystem that
implements extended attributes, but store it on network-attached
block storage (eg iSCSI).


> Taking a quick look at my laptop, there's not as many as I expected:
>=20
> [root@parkour bfields]# getcap -r /usr
> /usr/bin/arping cap_net_raw=3Dp
> /usr/bin/clockdiff cap_net_raw=3Dp
> /usr/bin/dumpcap cap_net_admin,cap_net_raw=3Dep
> /usr/bin/newgidmap cap_setgid=3Dep
> /usr/bin/newuidmap cap_setuid=3Dep
> /usr/sbin/mtr-packet cap_net_raw=3Dep
> /usr/sbin/suexec cap_setgid,cap_setuid=3Dep

Yep, it's still a short list.


--
Chuck Lever