From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms13.migadu.com with LMTPS id cE1iA/AH7GZRDAEA62LTzQ:P1 (envelope-from ) for ; Thu, 19 Sep 2024 11:16:00 +0000 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1.migadu.com with LMTPS id cE1iA/AH7GZRDAEA62LTzQ (envelope-from ) for ; Thu, 19 Sep 2024 13:16:00 +0200 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=mT96h0VN; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=HXCnNvSx; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1726744559; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=1LRtbkEpGgZj++dFcEESbHEiIsR2SsI8trrz3OKJ0gE=; b=dked02Qp5StJQrQnx2Se4gBWKNwozU7cVSR823+9wd9OQJOQuPFh0q43U7ILc1503lsC/h QCBCfD82ftmYM6Ab9hF64Su6InSNuVz9eJBPEKgGBS9Wm+pm/nKEFA+lMtFIHLSve7dvx4 KDAa0ufZG3vabOKuTtTpVZLZCeXvibBR4yACw86bBicatnihR6Or2hl077Jzcf3qYqA3hA 3PMHWbPoY7Cdz8c2JLy4G4YVuvJhD1bkc7LHTEHsL20xgJkYT8jIsLppO9IaMcEqNBr+FS WW+e7r9AaZ/fNE/JeNtssujZVfQKnRVX8u+YWN0jNoohPgO9HPfV1GBh9xBwFw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=debbugs.gnu.org header.s=debbugs-gnu-org header.b=mT96h0VN; dkim=fail ("headers rsa verify failed") header.d=gnu.org header.s=fencepost-gnu-org header.b=HXCnNvSx; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1726744559; a=rsa-sha256; cv=none; b=kVx/vTuZmhDvXgHMLZG5yn5pBg9vlKsREbRNlsvTyIb0SL+c71F8ALsQi1CzCRQ6bPyvXM 23Xa2n+4w2K9ueKFlR3A4C1EsHFtBFuhxZEbfikGxIOVlvyQtVl17mUELtj3VgvyceX+gw 36IEcxqDWJ8Xv1eq2X6Rp/wLn+4m5c2Hj4VW1dfFOq1F9b5HCpmPaC/pZXgiWRvVD9/AsS sD07RWwiybjMdOPNiDh4wvE+nSjgO39wQhA7sNHm7zE4AJVjtTdU4a/iZ342gpRdNOambV QrLlZKtBaZWIPmGTtWzd9E0tzhVyBLbCdlHbt38BzCBjKhC/P9cpFW9fe7anVg== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A178776FDC for ; Thu, 19 Sep 2024 13:15:59 +0200 (CEST) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1srF8U-000537-Ia; Thu, 19 Sep 2024 07:15:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1srF8T-00052r-Ey for guix-patches@gnu.org; Thu, 19 Sep 2024 07:15:45 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1srF8T-00033m-5X for guix-patches@gnu.org; Thu, 19 Sep 2024 07:15:45 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:References:In-Reply-To:From:To:Subject; bh=1LRtbkEpGgZj++dFcEESbHEiIsR2SsI8trrz3OKJ0gE=; b=mT96h0VNCJmxdMJ6wUMi/elYUysqTifQCKmHZ+q746ZN06amou/6rixNxNa9lf76BLkpf3XFgTkQGNz1NThZ4+gdbCrS6c4bLTRhGgxJxMQ0T2IH2zVGRkkOaY4lLQ15paauMbOPyQMehUlRBAQWOqz9jPq2jbm8a4XglVXciAVw4XLTPaODRx5lZRWsNNkuxs2bthQ2HRAgWdVDyNDFwGp7aoKsN4XfJT9Unrd7kSOM2ceMnKG3WnAs2OMetWp8DG4ZWUMF7d6N3DZSIlbM5Td01zWgvfbEA+jXpeZBYDMQZfc3b/LIJExzu5xrVlrXvBEGJO23eHCVQvSyNZ2BKg==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1srF8k-0008Qo-4B for guix-patches@gnu.org; Thu, 19 Sep 2024 07:16:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#72337] Add /etc/subuid and /etc/subgid support Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 19 Sep 2024 11:16:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 72337 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: To: Giacomo Leidi Cc: 72337@debbugs.gnu.org Received: via spool by 72337-submit@debbugs.gnu.org id=B72337.172674452732296 (code B ref 72337); Thu, 19 Sep 2024 11:16:02 +0000 Received: (at 72337) by debbugs.gnu.org; 19 Sep 2024 11:15:27 +0000 Received: from localhost ([127.0.0.1]:59921 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1srF8A-0008NK-Ry for submit@debbugs.gnu.org; Thu, 19 Sep 2024 07:15:27 -0400 Received: from eggs.gnu.org ([209.51.188.92]:59328) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1srF87-0008Hb-OV for 72337@debbugs.gnu.org; Thu, 19 Sep 2024 07:15:25 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1srF7k-0002pO-QC; Thu, 19 Sep 2024 07:15:00 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=1LRtbkEpGgZj++dFcEESbHEiIsR2SsI8trrz3OKJ0gE=; b=HXCnNvSxAS/O2NXrEDxQ ZuvL37JUifYoTmUzE1NeKdDsWtvaC7IBLqQ8alAkWi/Csh26H7I4kagIuqJo5ciyqUMkxoO44UzHD DxIn3HX06fE7ZBbuky++EFtHLrvx7YLC3FJVKeagJcLyuxCTHyLQ2Y0FiwS+u0Tm55dPnjHd839mw X3gnkUeKdLR2Ahff4GJhW9yOORuoJLTBdzlVWL/f3/zfQAR2eTugyiXrWHkES2s7OCVe6FlugetgM 24Y0xVSSpQjOUsQ0F1t0sS31WiJ1IYEefGRW5huUNn7VzBAe4T+sriiY4oaqIFpBloe6ATXQbV+Jc VPPI+nKcwrezsQ==; From: Ludovic =?UTF-8?Q?Court=C3=A8s?= In-Reply-To: <2771695a2527240c89c0ba6879aeda0d4ab840ab.1725742309.git.goodoldpaul@autistici.org> (Giacomo Leidi's message of "Sat, 7 Sep 2024 22:51:48 +0200") References: <8737329a065c5436643c6e5e7d52ec760f069725.1725742309.git.goodoldpaul@autistici.org> <2771695a2527240c89c0ba6879aeda0d4ab840ab.1725742309.git.goodoldpaul@autistici.org> Date: Thu, 19 Sep 2024 13:14:57 +0200 Message-ID: <87ploz7v4e.fsf_-_@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: guix-patches-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -7.01 X-Spam-Score: -7.01 X-Migadu-Queue-Id: A178776FDC X-Migadu-Scanner: mx10.migadu.com X-TUID: nNd+eDB6eQ7M Giacomo Leidi skribis: > This commit adds allocation logic for subid ranges. Subid ranges are > ranges of contiguous subids that are mapped to a user in the host > system. This patch implements a flexible allocation algorithm allowing > users that do not want (or need) to specify details of the subid ranges > that they are requesting to avoid doing so, while upholding requests of > users that need to have specific ranges. > > * gnu/build/accounts.scm (list-set): New variable; > (%subordinate-id-min): new variable; > (%subordinate-id-max): new variable; > (%subordinate-id-count): new variable; > (subordinate-id?): new variable; > (within-interval?): new variable; > (insert-subid-range): new variable; > (reserve-subids): new variable; > (range->entry): new variable; > (entry->range): new variable; > (allocate-subids): new variable; > (subuid+subgid-databases): new variable. > > * gnu/system/accounts.scm (subid-range-end): New variable; > (subid-range-has-start?): new variable; > (subid-range-less): new variable. > > * test/accounts.scm: Test them. > > Change-Id: I8de1fd7cfe508b9c76408064d6f498471da0752d > Signed-off-by: Giacomo Leidi [...] > +(define (vlist-set vlst el k) > + (if (>=3D k (vlist-length vlst)) > + (vlist-append vlst (vlist-cons el vlist-null)) > + (vlist-append > + (vlist-take vlst k) > + (vlist-cons el (vlist-drop vlst k))))) So hmm, this is not great either because the =E2=80=98else=E2=80=99 branch = has linear complexity. I don=E2=80=99t think there=E2=80=99s a good persistent data structure for = this in Guile unfortunately. Again maybe plain lists or vlists are okay *if* we know the lists are going to be small, but there needs to be a comment stating it. > +(define-condition-type &subordinate-id-range-error &subordinate-id-error > + subordinate-id-range-error? > + (message subordinate-id-range-error-message) > + (ranges subordinate-id-range-error-ranges)) Remove =E2=80=98message=E2=80=99 from here. If we want a human-readable me= ssage, we can always raise a =E2=80=9Ccompound error condition=E2=80=9D that combines =E2=80=98&subordinate-id-range-error=E2=80=99 and =E2=80=98&message=E2=80= =99. But I=E2=80=99m not sure we want messages anyway; I think we should focus on ensuring =E2=80=98&subordinate-id-range-error=E2=80=99 has all the info. > +(define (insert-subid-range range vlst) > + "Allocates a range of subids in VLST, based on RANGE. Ranges > +that do not explicitly specify a start subid are fitted based on > +their size. This procedure assumes VLIST is sorted by SUBID-RANGE-LESS = and > +that all VLST members have a start." I=E2=80=99m not convinced by the use of (v)lists and the lack of abstraction here. How about having a tree along these lines: (define-record-type (unused-subuid-range left min max right) unused-subuid-range? (left unused-subuid-range-left) ;previous unused subuid range or #f (min unused-subuid-range-min) ;lower bound of this unused subuid r= ange (max unused-subuid-range-max) ;upper bound (right unused-subuid-range-right)) ;next unused subuid range or #f We=E2=80=99d start with: (unused-subuid-range #f %subordinate-id-min %subordinate-id-max #f) Then, when consuming =E2=80=9Cto the left=E2=80=9D, we=E2=80=99d add a chil= d there, and so on. Searching for an available range would be logarithmic. Does that make sense? (I=E2=80=99m really thinking out loud, this probably needs more thought.) > +(let ((inputs+currents > + (list > + (list > + "ranges must have start" > + (list (subid-range (name "m"))) > + (list (subid-range (name "x"))) > + "Loaded ranges are supposed to have a start, but at least one d= oes not.") > + (list > + "ranges must fall within allowed max min subids" > + (list (subid-range (name "m") > + (start (- %subordinate-id-min 1)) > + (count > + (+ %subordinate-id-max %subordinate-id-min)= ))) > + (list > + (subid-range (name "root") (start %subordinate-id-min))) > + "Subid range of m from 99999 to 600299998 spans over illegal su= bids. Max allowed is 600100000, min is 100000.")))) > + > + ;; Make sure it's impossible to explicitly request impossible allocati= ons > + (for-each > + (match-lambda > + ((test-name ranges current-ranges message) > + (test-assert (string-append "allocate-subids, impossible allocatio= ns - " > + test-name) > + (guard (c ((and (subordinate-id-range-error? c) > + (string=3D? message (subordinate-id-range-error-= message c))) > + #t)) > + (allocate-subids ranges current-ranges) > + #f)))) > + inputs+currents)) This is hard to read. It might be best to unroll the loop? Also, I would check for =E2=80=98&subordinate-id-range-error=E2=80=99 detai= ls than for messages: messages are for human beings, not for automated tests. Thoughts? Thanks, Ludo=E2=80=99.