Re: Guidance on solving the username namespacing problem

To: Russ Allbery <rra@debian.org>
Cc: Philipp Kern <pkern@debian.org>, Simon McVittie <smcv@debian.org>, debian-policy@lists.debian.org, pkg-systemd-maintainers@lists.alioth.debian.org
Subject: Re: Guidance on solving the username namespacing problem
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 5 Jan 2020 18:59:04 +0000
Message-id: <[🔎] 20200105185904.GF3701@riva.ucam.org>
Mail-followup-to: Russ Allbery <rra@debian.org>, Philipp Kern <pkern@debian.org>, Simon McVittie <smcv@debian.org>, debian-policy@lists.debian.org, pkg-systemd-maintainers@lists.alioth.debian.org
In-reply-to: <[🔎] 87zhf17obi.fsf@hope.eyrie.org>
References: <[🔎] 20200104160858.GA156731@espresso.pseudorandom.co.uk> <[🔎] ffa3ac37-eb9c-b0e7-d90c-25c02dfd5c79@philkern.de> <[🔎] 87zhf17obi.fsf@hope.eyrie.org>

[I haven't been following the rest of this discussion.  Thanks for the
CC - let me know if I'm egregiously missing anything.]

On Sun, Jan 05, 2020 at 10:25:37AM -0800, Russ Allbery wrote:
> Philipp Kern <pkern@debian.org> writes:
> > It looks like the range must be contiguous, as it is compiled in[1].
> > What are the preexisting ones apart from netplan that you have in mind?
> > It feels like systemd's boundaries are pretty arbitrary (0xEF00 to
> > 0xFFEF) but at the same time we might want to reserve a range for it in
> > policy - given that right now it is effectively squatting in that range?
> 
> Yes.  We should also coordinate this with Colin as the base-passwd
> maintainer.  Let me cc him explicitly.
> 
> It's possible that we can just use the existing systemd range, provided
> that we can find some workable approach for netplan.

As Simon said, EF00-FFEF = 61184-65519 covers more than just netplan
(https://salsa.debian.org/debian/base-passwd/blob/master/README), and
several of the IDs allocated there in the vaguely recent past are hard
to change (their rationales included "needs to be the same across
multiple machines"), so I don't think we can use the existing systemd
range - it needs to be adjusted for Debian at least to some extent.  I'm
not prepared to cede all of 64000-64999 to systemd; perhaps it would
have been better if base-passwd had started at 60000 instead, but we're
here now.

The rate of static allocations in 60000-64999 is low enough that I'm not
concerned in principle about carving off a slice of it for dynamic
allocations by systemd-sysusers, and in any case I wasn't expecting to
ever need to allocate more static IDs under 64000 (netplan was before my
time).  Perhaps we could start by reserving 61184-63433, given the
netplan allocation?  Yes, it's a bit arbitrary, but also not really all
that stingy, and base-passwd's allocations are meant to be permanent
even if the package has been removed (since we can never guarantee that
it's been removed from users' systems).

An alternative would be to reserve 61184-63999, with a Debian patch to
exclude netplan's 63434.  That doesn't seem likely to be difficult; it
could go in the same place where systemd is already doing NSS checks.

I'm generally in favour of the underscore prefix recommendation in some
form, and would be happy to enforce that for new static allocations in
base-passwd.

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Re: Guidance on solving the username namespacing problem
  - From: Russ Allbery <rra@debian.org>

References:
- Re: Guidance on solving the username namespacing problem
  - From: Simon McVittie <smcv@debian.org>
- Re: Guidance on solving the username namespacing problem
  - From: Philipp Kern <pkern@debian.org>
- Re: Guidance on solving the username namespacing problem
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Re: Guidance on solving the username namespacing problem
Next by Date: Re: Guidance on solving the username namespacing problem
Previous by thread: Re: Guidance on solving the username namespacing problem
Next by thread: Re: Guidance on solving the username namespacing problem
Index(es):
- Date
- Thread