unofficial mirror of guix-patches@gnu.org 
From: "Ludovic Courtès" <ludo@gnu.org>
To: Giacomo Leidi <goodoldpaul@autistici.org>
Cc: 72337@debbugs.gnu.org
Subject: [bug#72337] Add /etc/subuid and /etc/subgid support
Date: Thu, 19 Sep 2024 13:14:57 +0200
Message-ID: <87ploz7v4e.fsf_-_@gnu.org>
In-Reply-To: <2771695a2527240c89c0ba6879aeda0d4ab840ab.1725742309.git.goodoldpaul@autistici.org> (Giacomo Leidi's message of "Sat, 7 Sep 2024 22:51:48 +0200")

Giacomo Leidi <goodoldpaul@autistici.org> wrote:

> This commit adds allocation logic for subid ranges. Subid ranges are
> ranges of contiguous subids that are mapped to a user in the host
> system. This patch implements a flexible allocation algorithm allowing
> users that do not want (or need) to specify details of the subid ranges
> that they are requesting to avoid doing so, while upholding requests of
> users that need to have specific ranges.
>
> * gnu/build/accounts.scm (list-set): New variable;
> (%subordinate-id-min): new variable;
> (%subordinate-id-max): new variable;
> (%subordinate-id-count): new variable;
> (subordinate-id?): new variable;
> (within-interval?): new variable;
> (insert-subid-range): new variable;
> (reserve-subids): new variable;
> (range->entry): new variable;
> (entry->range): new variable;
> (allocate-subids): new variable;
> (subuid+subgid-databases): new variable.
>
> * gnu/system/accounts.scm (subid-range-end): New variable;
> (subid-range-has-start?): new variable;
> (subid-range-less): new variable.
>
> * test/accounts.scm: Test them.
>
> Change-Id: I8de1fd7cfe508b9c76408064d6f498471da0752d
> Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>

[...]

> +(define (vlist-set vlst el k)
> +  (if (>= k (vlist-length vlst))
> +      (vlist-append vlst (vlist-cons el vlist-null))
> +      (vlist-append
> +       (vlist-take vlst k)
> +       (vlist-cons el (vlist-drop vlst k)))))
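
Review bot: the `else` branch inserts rather than sets: `(vlist-drop vlst k)` still begins with the element at index K, so `el` lands in front of it and the result is one element longer, which the name `vlist-set` does not suggest. In the first branch a K beyond the end appends `el` at the end rather than at index K. Either rename the procedure (for example `vlist-insert`) and add a docstring stating both behaviours, or drop K+1 elements if replacement is what is intended.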

So hmm, this is not great either because the ‘else’ branch has linear
complexity.

I don’t think there’s a good persistent data structure for this in Guile
unfortunately.  Again maybe plain lists or vlists are okay *if* we know
the lists are going to be small, but there needs to be a comment stating
it.

> +(define-condition-type &subordinate-id-range-error &subordinate-id-error
> +  subordinate-id-range-error?
> +  (message subordinate-id-range-error-message)
> +  (ranges subordinate-id-range-error-ranges))
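
Review bot: the `ranges` field is undocumented, and from the definition alone a handler cannot tell whether it holds the offending range, the whole requested list or the ranges already allocated. A short comment above the definition saying what the raise sites put in it would let callers use `subordinate-id-range-error-ranges` without reading them.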

Remove ‘message’ from here.  If we want a human-readable message, we can
always raise a “compound error condition” that combines
‘&subordinate-id-range-error’ and ‘&message’.

But I’m not sure we want messages anyway; I think we should focus on
ensuring ‘&subordinate-id-range-error’ has all the info.

> +(define (insert-subid-range range vlst)
> +  "Allocates a range of subids in VLST, based on RANGE.  Ranges
> +that do not explicitly specify a start subid are fitted based on
> +their size.  This procedure assumes VLIST is sorted by SUBID-RANGE-LESS and
> +that all VLST members have a start."
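
Review bot: the docstring refers to the second argument as both VLST and VLIST ("assumes VLIST is sorted"); use VLST throughout so it matches the parameter name. It also leaves out what the procedure returns and what happens when RANGE cannot be fitted, and the opening sentence would read better in the imperative ("Allocate a range ...").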

I’m not convinced by the use of (v)lists and the lack of abstraction
here.

How about having a tree along these lines:

  (define-record-type <unused-subuid-range>
    (unused-subuid-range left min max right)
    unused-subuid-range?
    (left    unused-subuid-range-left) ;previous unused subuid range or #f
    (min     unused-subuid-range-min)  ;lower bound of this unused subuid range
    (max     unused-subuid-range-max)  ;upper bound
    (right   unused-subuid-range-right)) ;next unused subuid range or #f

We’d start with:

  (unused-subuid-range #f %subordinate-id-min %subordinate-id-max #f)

Then, when consuming “to the left”, we’d add a child there, and so on.

Searching for an available range would be logarithmic.

Does that make sense?

(I’m really thinking out loud, this probably needs more thought.)

> +(let ((inputs+currents
> +       (list
> +        (list
> +         "ranges must have start"
> +         (list (subid-range (name "m")))
> +         (list (subid-range (name "x")))
> +         "Loaded ranges are supposed to have a start, but at least one does not.")
> +        (list
> +         "ranges must fall within allowed max min subids"
> +         (list (subid-range (name "m")
> +                            (start (- %subordinate-id-min 1))
> +                            (count
> +                             (+ %subordinate-id-max %subordinate-id-min))))
> +         (list
> +          (subid-range (name "root") (start %subordinate-id-min)))
> +         "Subid range of m from 99999 to 600299998 spans over illegal subids.  Max allowed is 600100000, min is 100000."))))
> +
> +  ;; Make sure it's impossible to explicitly request impossible allocations
> +  (for-each
> +   (match-lambda
> +     ((test-name ranges current-ranges message)
> +      (test-assert (string-append "allocate-subids, impossible allocations - "
> +                                  test-name)
> +        (guard (c ((and (subordinate-id-range-error? c)
> +                        (string=? message (subordinate-id-range-error-message c)))
> +                   #t))
> +          (allocate-subids ranges current-ranges)
> +          #f))))
> +   inputs+currents))
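
Review bot: the second expected message hard-codes 99999, 600299998, 600100000 and 100000 while the inputs are computed from `%subordinate-id-min` and `%subordinate-id-max`, so changing either constant breaks the test for a reason unrelated to the allocator. Comparing `(subordinate-id-range-error-ranges c)` against ranges built from the same constants would keep the expectation and the input in step.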

This is hard to read.  It might be best to unroll the loop?

Also, I would check for ‘&subordinate-id-range-error’ details rather than
for messages: messages are for human beings, not for automated tests.

Thoughts?

Thanks,
Ludo’.
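
A sketch of the unused-range tree suggested in the message above, added here as an example; it is not code from the patch or from Guix. The procedure names `join`, `reserve` and `first-fit` and the `subid-range-unavailable` key are hypothetical, the tree is not balanced, and COUNT is assumed positive. Reserving an explicit range fails unless every id in it is still unused, so no two users can end up with overlapping subordinate ids.

```scheme
(use-modules (srfi srfi-9) (ice-9 match))

(define-record-type <unused-subuid-range>
  (unused-subuid-range left min max right)
  unused-subuid-range?
  (left  unused-subuid-range-left)    ;subtree of lower unused ranges, or #f
  (min   unused-subuid-range-min)
  (max   unused-subuid-range-max)
  (right unused-subuid-range-right))  ;subtree of higher unused ranges, or #f

(define (join left right)
  "Merge two subtrees where every range of LEFT lies below every range of RIGHT."
  (match left
    (#f right)
    (($ <unused-subuid-range> l min max r)
     (unused-subuid-range l min max (join r right)))))

(define (reserve tree start count)
  "Return TREE without START..START+COUNT-1.  Throw 'subid-range-unavailable
(a hypothetical key) unless the whole range is currently unused."
  (define end (+ start count -1))
  (match tree
    (#f (throw 'subid-range-unavailable start end))
    (($ <unused-subuid-range> left min max right)
     (cond ((< end min)
            (unused-subuid-range (reserve left start count) min max right))
           ((> start max)
            (unused-subuid-range left min max (reserve right start count)))
           ((or (< start min) (> end max))      ;straddles subids already in use
            (throw 'subid-range-unavailable start end))
           ((and (= start min) (= end max))     ;node fully consumed
            (join left right))
           ((= start min) (unused-subuid-range left (+ end 1) max right))
           ((= end max) (unused-subuid-range left min (- start 1) right))
           (else                                ;split around the reserved hole
            (unused-subuid-range left min (- start 1)
                                 (unused-subuid-range #f (+ end 1) max right)))))))

(define (first-fit tree count)
  "Return the lowest unused start that has room for COUNT subids, or #f."
  (match tree
    (#f #f)
    (($ <unused-subuid-range> left min max right)
     (or (first-fit left count)
         (and (>= (- max min -1) count) min)
         (first-fit right count)))))

;; Constructed run; the bounds are the ones quoted in the test message above.
(define tree (reserve (unused-subuid-range #f 100000 600100000 #f) 200000 65536))
(format #t "next free start for 65536 subids: ~a~%" (first-fit tree 65536))
(catch 'subid-range-unavailable
  (lambda () (reserve tree 199990 20))          ;overlaps the reserved range
  (lambda (key start end) (format #t "rejected ~a-~a~%" start end)))
```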



