From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from simark.ca by simark.ca with LMTP id LbBPIn9dWWhtsBoAWB0awg (envelope-from ) for ; Mon, 23 Jun 2025 09:58:23 -0400 Authentication-Results: simark.ca; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Oknb/G6J; dkim-atps=neutral Received: by simark.ca (Postfix, from userid 112) id 74DCE1E11C; Mon, 23 Jun 2025 09:58:23 -0400 (EDT) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on simark.ca X-Spam-Level: X-Spam-Status: No, score=-10.1 required=5.0 tests=ARC_SIGNED,ARC_VALID, BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU, MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED,RCVD_IN_VALIDITY_CERTIFIED, RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE autolearn=ham autolearn_force=no version=4.0.1 Received: from server2.sourceware.org (server2.sourceware.org [8.43.85.97]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (prime256v1) server-digest SHA256) (No client certificate requested) by simark.ca (Postfix) with ESMTPS id 75E1A1E0C2 for ; Mon, 23 Jun 2025 09:58:22 -0400 (EDT) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 03563384F00B for ; Mon, 23 Jun 2025 13:58:22 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 03563384F00B Authentication-Results: sourceware.org; dkim=pass (1024-bit key, unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=Oknb/G6J Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTP id 6BCD9384F485 for ; Mon, 23 Jun 2025 13:56:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6BCD9384F485 Authentication-Results: sourceware.org; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6BCD9384F485 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1750687014; cv=none; b=BS13PNcObJMzrhFrQR4S9CznTlWyGQwIIrY/Cg2pSY5A0mnpibDM4LWVKnAlKtaojwwavoKlStvyg3pv92ptd90TSkrf+cVjQAYyMKdXuR9ZBaV0W8wwBG0H02hp9NylfechpYNQYqpdL0pVGFlZB4i8l51YMNWzMSLK97tr6ns= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1750687014; c=relaxed/simple; bh=jDQIWBuWtL21z2WfPKjuk7CJ+5ZAo4gXU+3q0hq7gfU=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=bbY8nSX+4+K88CP6tnLp/yRe3BH7rf0RwWK96Y/iP+qB3JfNPb/t5iXpw8yJeKjegQbQPctYItiZ5ksqQLiybv/RTBo0HH5ameRbWVfoJ3QxhxU8HCiMTSc6OXTHI/HBT0GUxSLig/XaJWidXUUrK5AUBK6tKQD9ZnovbSfI2l8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6BCD9384F485 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1750687014; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=Ev1HABsCiAXXPHzQMK1mm0QmJzlICb8lhxbSktb1htA=; b=Oknb/G6JB5+UccOrsxdNQPt0uHZxjrQLnaAD5yhjGaxQKaPur86Tpp2/1N3joj2+rmxb8e KYRMqll5jQybgQjmToBN7LNpTERTbynnIikgJaZ5oFtCIhw08jF32zkwyh7Ct39RMyPAXy 5m++uGIWMAy5FhJPllpPfc2aOStVdO4= Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-58-cplhVG5VODu6PEwmBHppXw-1; Mon, 23 Jun 2025 09:56:53 -0400 X-MC-Unique: cplhVG5VODu6PEwmBHppXw-1 X-Mimecast-MFC-AGG-ID: cplhVG5VODu6PEwmBHppXw_1750687012 Received: by mail-wm1-f72.google.com with SMTP id 5b1f17b1804b1-43eed325461so25588365e9.3 for ; Mon, 23 Jun 2025 06:56:52 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1750687011; x=1751291811; h=mime-version:message-id:date:references:in-reply-to:subject:cc:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=Ev1HABsCiAXXPHzQMK1mm0QmJzlICb8lhxbSktb1htA=; b=GZ+YRiadBkRvEF2f655SwQ224watFu55EUkIKZ8sr48FmMsJ0bnK1W1Ku1knwTsnes smlLtvGTPKZZLvHPG4wCTbiocwE1vKAQDoRi/1uA396m5uifqPXRB9bgX+Z1zPIsK0v5 kLljzlExm5Us0mMb+QaPGZ79eCIm6oE8Hi2/LLbqxTfnz7XU8lum9kKk1y83fzkbU+Nb PFhthtuN27qjAuhIfgVOgvkrmXaZXo6D+1+8cVxa/Ob9DovvxGco1zEFjmgIMXGOHYEu fD+zIW6pvgKp4HxlsdCnezPjezmQkMNTXCP0r23ekkbCsItGwxhJ+Fdcg1pK7zgLaGAX lHbQ== X-Gm-Message-State: AOJu0YxB36avmS+CMjZaNv2tRIVghxFSpfMMCf1TtoM9ZinrbuJpYJG2 Xys6VfT51htBE2sHzVgnsbPcQoW5AjJgyPuNlTjHehr3BzcQMDnWoQGGa+T32GveCp7r+5uAt25 k4Qwb3kahlii5XOT9Mu3Re3e4k8bW3THwIVhbibf9yGHUcer0g+MCsAQzQ8TBwLlCIy+wGJDLfe 45SPzEbI5P/99F8ON+tIuNxQrGlr1yyZBLPR6M7P/MborX5vg= X-Gm-Gg: ASbGncvAIZ0q2yzFxhw4l5d2R98EPi35Ko9LZWPy31VGeo7Dy7DvC4m2GV9Y+08ApnZ WbTRyEmWiES/2lR09aWxVE5eUlcKIeessUD8jZ0vtf0rnx88x4JqmeDAWIJ5MgJrrGm24oaHJHd FPwu8IR7oOZbDR1dgZsRW2Y4oPKEDX1fSkK51KLOZXa4sqdfWlJdIbUZlAPUeeCMcMrf4iqGKUS dkOcNNu0Ob5FPKBlo4NLEPL20HvVRmqNYi4pL2Ap9az+VbGQnHpXrnk7TWdrU5TF6XRH2GY5YuM SSoEj8b9vcbDFHj5bFLGB/4MS6do4kJGO2nl9qrmsfwP5M0= X-Received: by 2002:a05:600c:4f94:b0:442:d9fb:d9f1 with SMTP id 5b1f17b1804b1-453659c4077mr118639265e9.4.1750687011495; Mon, 23 Jun 2025 06:56:51 -0700 (PDT) X-Google-Smtp-Source: AGHT+IEhva7ymIrt7XSdRB7YvgrpkAJBWG9D0G1ZUDf8ThndJMYaG2jB7t/yd+Km9jx5SQ2oFcvASg== X-Received: by 2002:a05:600c:4f94:b0:442:d9fb:d9f1 with SMTP id 5b1f17b1804b1-453659c4077mr118639055e9.4.1750687011016; Mon, 23 Jun 2025 06:56:51 -0700 (PDT) Received: from localhost (75.226.159.143.dyn.plus.net. [143.159.226.75]) by smtp.gmail.com with ESMTPSA id ffacd0b85a97d-3a6d1187ef4sm9651461f8f.68.2025.06.23.06.56.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 23 Jun 2025 06:56:50 -0700 (PDT) From: Andrew Burgess To: gdb-patches@sourceware.org Cc: Benjamin Berg Subject: Re: [PATCHv3] gdb: linux-namespaces: enter user namespace when appropriate In-Reply-To: References: <824ee908821f07452286730643c1efd5f8b01eb2.1749741769.git.aburgess@redhat.com> Date: Mon, 23 Jun 2025 14:56:50 +0100 Message-ID: <87qzzak1ct.fsf@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: FrprPY7p1qtD4AcLgtffPLTFyr4d3jCHZJlee8eQqSg_1750687012 X-Mimecast-Originator: redhat.com Content-Type: text/plain X-BeenThere: gdb-patches@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Gdb-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: gdb-patches-bounces~public-inbox=simark.ca@sourceware.org Andrew Burgess writes: > From: Benjamin Berg > > In v2: > > - Update the test to ignore a warning seen when running the test on > a machine with libc debug information installed, but without the > libc source being available, e.g.: > > warning: 46 ../sysdeps/unix/sysv/linux/arm/libc-do-syscall.S: No such file or directory > > This was causing some CI failures to be reported from Linaro. > > - Rebased to current upstream/master. > > In v3: > > - Same as V2, but fix the test pattern correctly this time. > > -- > > The use of user namespaces is required for normal users to use mount > namespaces. Consider trying this as an unprivileged user: > > $ unshare --mount /bin/true > unshare: unshare failed: Operation not permitted > > The problem here is that an unprivileged user doesn't have the > required permissions to create a new mount namespace. If, instead, we > do this: > > $ unshare --mount --map-root-user /bin/true > > then this will succeed. The new option causes unshare to create a > user namespace in which the unprivileged user is mapped to UID/GID 0, > and so gains all privileges (inside the namespace), the user is then > able to create the mount namespace as required. > > So, how does this relate to GDB? > > When a user attaches to a process running in a separate mount > namespace, GDB makes use of a separate helper process (see > linux_mntns_get_helper in nat/linux-namespaces.c), which will then use > the `setns` function to enter (or try to enter) the mount namespace of > the process GDB is attaching too. The helper process will then handle > file I/O requests received from GDB, and return the results back to > GDB, this allows GDB to access files within the mount namespace. > > The problem here is that, switching to a mount namespace requires that > a process hold CAP_SYS_CHROOT and CAP_SYS_ADMIN capabilities within > its user namespace (actually it's a little more complex, see 'man 2 > setns'). Assuming GDB is running as an unprivileged user, then GDB > will not have the required permissions. > > However, if GDB enters the user namespace that the `unshare` process > created, then the current user will be mapped to UID/GID 0, and will > have the required permissions. > > And so, this patch extends linux_mntns_access_fs (in > nat/linux-namespace.c) to first try and switch to the user namespace > of the inferior before trying to switch to the mount namespace. If > the inferior does have a user namespace, and does have elevated > privileges within that namespace, then this first switch by GDB will > mean that the second step, into the mount namespace, will succeed. > > If there is no user namespace, or the inferior doesn't have elevated > privileges within the user namespace, then the switch into the mount > namespace will fail, just as it currently does, and the user will need > to give elevated privileges to GDB via some other mechanism (e.g. run > as root). > > This work was originally posted here: > > https://inbox.sourceware.org/gdb-patches/20230321120126.1418012-1-benjamin@sipsolutions.net > > I (Andrew Burgess) have made some cleanups to the code to comply with > GDB's coding standard, and the test is entirely mine. This commit > message is also entirely mine -- the original message was very terse > and required the reader to understand how the various namespaces > work and interact. The above is my attempt to document what I now > understand about the problem being fixed. > > I've left the original author in place as the core of the GDB change > itself is largely as originally presented, but any inaccuracies in the > commit message, or problems with the test, are all mine. > > Co-Authored-by: Andrew Burgess I've pushed this patch. The GDB changes have been on the list for a couple of years now, and (except for some comments and formating) are mostly unchanged in my version. My contributions to this work are the test and the commit message. Thanks, Andrew