From: muradm
To: guix-patches@gnu.org
Subject: [PATCH] services: export sysctl-configuration record field accessors
Date: Mon, 22 Mar 2021 19:30:23 +0300
Message-ID: <877dlzb17k.fsf@muradm.net>
Content-Type: text/x-patch
Content-Disposition: inline; filename=0001-services-export-sysctl-configuration-record-field-ac.patch

From 0928d70c1cd5a98efd7671c05b38757400941790 Mon Sep 17 00:00:00 2001
From: muradm
Date: Mon, 22 Mar 2021 19:09:48 +0300
Subject: [PATCH] services: export sysctl-configuration record field accessors

* gnu/services/sysctl.scm (sysctl-configuration-sysctl): new public function
* gnu/services/sysctl.scm (sysctl-configuration-settings): new public function

Signed-off-by: muradm
---
 gnu/services/sysctl.scm | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/gnu/services/sysctl.scm b/gnu/services/sysctl.scm
index aaea7cc30d..80ed2ff46f 100644
--- a/gnu/services/sysctl.scm
+++ b/gnu/services/sysctl.scm
@@ -25,6 +25,8 @@ #:use-module (srfi srfi-1) #:use-module (ice-9 match) #:export (sysctl-configuration + sysctl-configuration-sysctl + sysctl-configuration-settings sysctl-service-type %default-sysctl-settings))
--
2.31.0
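Review bot: the two added export lines make the accessors reachable, but nothing in this patch makes them discoverable: the diffstat lists only gnu/services/sysctl.scm, while the submitter's own argument (that people will stop dropping %default-sysctl-settings once they see the accessor) rests on the manual mentioning sysctl-configuration-settings next to sysctl-configuration. A follow-up should document both sysctl-configuration-sysctl and sysctl-configuration-settings, ideally showing the `(append (sysctl-configuration-settings config) ...)` idiom, so that the fs.protected_hardlinks and fs.protected_symlinks defaults survive user overrides.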
Date: Wed, 24 Mar 2021 14:29:59 +0300
From: muradm
To: 47323@debbugs.gnu.org
Subject: [PATCH] services: export sysctl-configuration record field accessors
Message-ID: <20210324112959.24dg3ywekxdrodes@muradm-aln1>

As per discussion with Leo on IRC #guix in relation to #47013 and #47323.

There is a need to have the important sysctl settings fs.protected_hardlinks and fs.protected_symlinks for all installations of Guix in the world unless explicitly stated otherwise. Currently in the Linux kernel they are unset by default. It is also stated that other distributions do the same.

In a perfect world I would go for Solution 1 below, as it is the most effectful and clean.

Solution 1: From this statement, it seems that the first resort would be the Linux kernel itself. If it would be possible to configure them with Kconfig, that would be the best place. As of my brief look at linux/fs, they are not configurable, but maybe I miss something. Anyway, the preferred solution would be to just compile the kernel with protected hardlinks and symlinks set to 1. Since other distributions do the same, it could be reasonable to expose these two settings via Kconfig, and solve it there.
- pros: great for the world
- cons: have to do an enhancement in mainline Linux

Solution 2: If it is not possible to have these two settings in the kernel as per Solution 1, Guix may maintain a patch to the kernel that would do this.
- pros: no need to enhance mainline Linux
- cons: will impact users who do use Guix and compile the Linux kernel themselves

Solution 3: Handle it in Guix configuration. Everything below is related to Solution 3 and the current issue #47323.

Currently it is set as follows:

  ;; gnu/services/sysctl.scm
  (define-module ....
    #:export (....
              %default-sysctl-settings))

  (define %default-sysctl-settings
    ;; Default kernel parameters enabled with sysctl.
    '(("fs.protected_hardlinks" . "1")
      ("fs.protected_symlinks" . "1")))

  (define-record-type* <sysctl-configuration>
    sysctl-configuration make-sysctl-configuration
    sysctl-configuration?
    (sysctl sysctl-configuration-sysctl     ; path of the 'sysctl' command
            (default (file-append procps "/sbin/sysctl")))
    (settings sysctl-configuration-settings ; alist of string pairs
              (default %default-sysctl-settings)))
  ;; ends- gnu/services/sysctl.scm

And sysctl-service-type itself is added to %base-services. Since the sysctl-configuration-settings function to access the settings field of a sysctl-configuration instance is not exported, I have to do the following in my configuration:

  (define nomad-gx1-os
    (operating-system
      (inherit my-base-nomad-os) ;; important line-#1
      ...
      (services
        (modify-services my-base-nomad-services
          (sysctl-service-type config =>
            (sysctl-configuration
              (inherit config)
              (settings
                (append
                  %default-sysctl-settings ;; from gnu/services/sysctl.scm
                  '(("fs.inotify.max_user_watches" . "524288")
                    ("fs.inotify.max_user_instances" . "16384")
                    ("fs.inotify.max_queued_events" . "65536"))))))))))

This is fine, until I extend sysctl-service-type in my-base-nomad-os. Then I have to export my-base-nomad-sysctl-settings and join them with %default-sysctl-settings and the extra settings for nomad-gx1-os. While it is bearable for one or two levels of inheritance, it becomes hard to keep track of for more levels and/or many hosts.

If sysctl-configuration-settings were exported, then my configuration would become simpler:

  (services
    (modify-services my-base-nomad-services
      (sysctl-service-type config =>
        (sysctl-configuration
          (inherit config)
          (settings
            (append
              (sysctl-configuration-settings config) ;; now I can't do this
              '(("fs.inotify.max_user_watches" . "524288")
                ("fs.inotify.max_user_instances" . "16384")
                ("fs.inotify.max_queued_events" . "65536"))))))))

In this case, if the Guix documentation includes sysctl-configuration-settings, then most likely people won't forget to use %default-sysctl-settings, and it is still possible to override them if one desires not to use protected symlinks and hardlinks.

--
muradm
From: Ludovic Courtès
To: muradm
Cc: 47323-done@debbugs.gnu.org
Subject: Re: bug#47323: [PATCH] services: export sysctl-configuration record field accessors
Date: Wed, 31 Mar 2021 15:33:50 +0200
In-Reply-To: <877dlzb17k.fsf@muradm.net> (muradm's message of "Mon, 22 Mar 2021 19:30:23 +0300")
Message-ID: <874kgra1mp.fsf@gnu.org>

Hi,

muradm skribis:

> From 0928d70c1cd5a98efd7671c05b38757400941790 Mon Sep 17 00:00:00 2001
> From: muradm
> Date: Mon, 22 Mar 2021 19:09:48 +0300
> Subject: [PATCH] services: export sysctl-configuration record field accessors
>
> * gnu/services/sysctl.scm (sysctl-configuration-sysctl): new public function
> * gnu/services/sysctl.scm (sysctl-configuration-settings): new public function
>
> Signed-off-by: muradm

I tweaked the commit log and applied.

> As per discussion with Leo on IRC #guix in relation to #47013 and
> #47323.
>
> [...]
Indeed, this is a discussion Leo Famulari and I had while preparing the patch for this security issue. Like you write, there are different tradeoffs, and this solution is one possibility that looked reasonable.

Thanks!

Ludo’.

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Thu, 29 Apr 2021 11:24:05 +0000

bug archived.
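The layered composition muradm's message of 24 Mar 2021 describes, as an added example that is not code from the thread or from Guix: each layer reads the settings already present through the now-exported sysctl-configuration-settings and adds its own, and a small check refuses a configuration that has lost the two hardening defaults the thread is about. The helper sysctl-settings-add, the check assert-protected-fs and the names my-base-nomad-services and nomad-gx1-services are hypothetical; the inotify values are the ones from the message.

```scheme
(use-modules (gnu)                  ; %base-services, modify-services
             (gnu services sysctl)  ; sysctl-service-type and its accessors
             (srfi srfi-1))         ; fold

;; Hypothetical helper (not part of Guix): merge EXTRA into BASE so that a key
;; already present is replaced in place rather than listed a second time.
(define (sysctl-settings-add base extra)
  (fold (lambda (pair acc)
          (if (assoc (car pair) acc)
              (map (lambda (p)
                     (if (string=? (car p) (car pair)) pair p))
                   acc)
              (append acc (list pair))))
        base
        extra))

;; Hypothetical check: refuse a settings list that has lost either of the two
;; hardening defaults.  Returns SETTINGS unchanged when both are still "1",
;; so it can be wrapped around any (settings ...) expression.
(define (assert-protected-fs settings)
  (for-each (lambda (key)
              (unless (equal? (assoc-ref settings key) "1")
                (error "sysctl hardening default missing or disabled:" key)))
            '("fs.protected_hardlinks" "fs.protected_symlinks"))
  settings)

;; Layer 1: a base system adds one inotify limit on top of whatever the
;; service already carries, without naming %default-sysctl-settings at all.
(define my-base-nomad-services
  (modify-services %base-services
    (sysctl-service-type config =>
      (sysctl-configuration
        (inherit config)
        (settings
          (assert-protected-fs
            (sysctl-settings-add
              (sysctl-configuration-settings config)
              '(("fs.inotify.max_user_watches" . "524288")))))))))

;; Layer 2: a host extends layer 1 the same way, without knowing what layer 1
;; or the Guix defaults contained.
(define nomad-gx1-services
  (modify-services my-base-nomad-services
    (sysctl-service-type config =>
      (sysctl-configuration
        (inherit config)
        (settings
          (assert-protected-fs
            (sysctl-settings-add
              (sysctl-configuration-settings config)
              '(("fs.inotify.max_user_instances" . "16384")
                ("fs.inotify.max_queued_events" . "65536")))))))))
```

The resulting list is used as the (services ...) field of an operating-system declaration; the error from assert-protected-fs surfaces at configuration build time rather than as a silently weakened host.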