Subject: bug#47323: [PATCH] services: export sysctl-configuration record field accessors
From: Ludovic Courtès
To: muradm <mail@muradm.net>
Cc: 47323-done@debbugs.gnu.org
Date: Wed, 31 Mar 2021 15:33:50 +0200
Message-ID: <874kgra1mp.fsf@gnu.org>
In-Reply-To: <877dlzb17k.fsf@muradm.net> (muradm's message of "Mon, 22 Mar 2021 19:30:23 +0300")

Hi,

muradm skribis:

> From 0928d70c1cd5a98efd7671c05b38757400941790 Mon Sep 17 00:00:00 2001
> From: muradm
> Date: Mon, 22 Mar 2021 19:09:48 +0300
> Subject: [PATCH] services: export sysctl-configuration record field accessors
>
> * gnu/services/sysctl.scm
> (sysctl-configuration-sysctl): new public function
> * gnu/services/sysctl.scm (sysctl-configuration-settings): new public function
>
> Signed-off-by: muradm

I tweaked the commit log and applied.

> As per discussion with Leo on IRC #guix in relation to #47013 and
> #47323.
>
> There is a need to have important sysctl settings
> fs.protected_hardlinks and fs.protected_symlinks for all
> installations of Guix in the world unless explicitly stated
> otherwise. Currently in the Linux kernel they are unset by default. It
> is also stated that other distributions do the same.
>
> In a perfect world I would go for Solution 1 below, as it is most
> effectful, and clean.
>
> Solution 1: From this statement, it seems that the first resort
> would be the Linux kernel itself. If it would be possible to
> configure them with Kconfig, that would be the best place. As of my
> brief look at linux/fs, they are not configurable, but maybe I
> miss something. Anyway, the preferred solution would be to just compile the
> kernel with protected hardlinks and symlinks set to 1. Since other
> distributions do the same, it could be reasonable to expose these
> two settings via Kconfig, and solve it there.
> - pros: great for the world
> - cons: have to do an enhancement in mainline Linux
>
> Solution 2: If it is not possible to have these two settings in the
> kernel as per Solution 1, Guix may maintain a patch to the kernel that
> would do this.
> - pros: no need to enhance mainline Linux
> - cons: will impact users who do use Guix and compile the Linux kernel
> themselves
>
> Solution 3: Handle in Guix configuration. Everything below relates
> to solution 3 and the current issue #47323.
>
> Currently it is set as following:
>
>     ;; gnu/services/sysctl.scm
>     (define-module ....
>       #:export (....
>                 %default-sysctl-settings))
>
>     (define %default-sysctl-settings
>       ;; Default kernel parameters enabled with sysctl.
>       '(("fs.protected_hardlinks" . "1")
>         ("fs.protected_symlinks" . "1")))
>
>     (define-record-type* <sysctl-configuration>
>       sysctl-configuration make-sysctl-configuration
>       sysctl-configuration?
>       (sysctl   sysctl-configuration-sysctl     ; path of the 'sysctl' command
>                 (default (file-append procps "/sbin/sysctl")))
>       (settings sysctl-configuration-settings   ; alist of string pairs
>                 (default %default-sysctl-settings)))
>
>     ;; ends- gnu/services/sysctl.scm
>
> And sysctl-service-type itself is added to the
> %base-services. Since the sysctl-configuration-settings function to
> access the settings field of a sysctl-configuration instance is not
> exported, I have to do the following in my configuration:
>
>     (define nomad-gx1-os
>       (operating-system
>         (inherit my-base-nomad-os)  ;; important line-#1
>         ...
>         (services
>           (modify-services my-base-nomad-services
>             (sysctl-service-type config =>
>               (sysctl-configuration
>                 (inherit config)
>                 (settings
>                   (append
>                     %default-sysctl-settings  ;; from gnu/services/sysctl.scm
>                     '(("fs.inotify.max_user_watches" . "524288")
>                       ("fs.inotify.max_user_instances" . "16384")
>                       ("fs.inotify.max_queued_events" . "65536"))))))))))
>
> This is fine, until I extend sysctl-service-type in
> my-base-nomad-os. Then I have to export
> my-base-nomad-sysctl-settings and join them with
> %default-sysctl-settings and extra settings for
> nomad-gx1-os. While it is bearable for one or two levels of
> inheritance, it becomes hard to keep track of for more levels and/or
> many hosts.
>
> If sysctl-configuration-settings would be exported,
> then my configuration would become simpler:
>
>         (services
>           (modify-services my-base-nomad-services
>             (sysctl-service-type config =>
>               (sysctl-configuration
>                 (inherit config)
>                 (settings
>                   (append
>                     (sysctl-configuration-settings config)  ;; now I can't do this
>                     '(("fs.inotify.max_user_watches" . "524288")
>                       ("fs.inotify.max_user_instances" . "16384")
>                       ("fs.inotify.max_queued_events" . "65536"))))))))
>
> In this case, if the Guix documentation will include
> sysctl-configuration-settings, then most likely people won't
> forget to use %default-sysctl-settings, and it is still possible to
> override them if one desires not to use protected symlinks and
> hardlinks.

Indeed, this is a discussion Leo Famulari and I had while preparing the
patch for this security issue.

Like you write, there are different tradeoffs, and this solution is one
possibility that looked reasonable.

Thanks!

Ludo’.