Fwd: VirtualBox/setuid binaries

Christian Hergert christian at hergert.me
Thu Nov 15 20:27:33 UTC 2018


On 11/15/18 4:50 AM, Alexander Larsson wrote:
> Flatpak is fundamentally based on the kernel support for unprivileged
> user namespaces. This is the way we can launch a "container" sandbox
> without ever needing to be root. (We alternatively also support doing
> the same thing via a setuid bwrap helper, but that is immaterial for
> this discussion, so let's ignore that for now). We use the
> PR_SET_NO_NEW_PRIVS prctl to guarantee this, and unless we do that,
> the namespace operations will fail.

Slightly off-topic, but on-topic enough to probably drive some direction
of future features:

I'd like to be able to ship Sysprof as a Flatpak (as well as not
requiring Sysprof on the host from the Builder flatpak).

Sysprof requires a systemd service which performs things like
__NR_perf_event_open syscall and parsing /proc/kallsyms so that the UI
process does not require elevated privileges. (All done via D-Bus fd
passing and polkit authorization).

I talked with Lennart at GUADEC about systemd portable services, and it
sounded like that may be one avenue to explore. If we could have a way
to register a systemd portable service from our Flatpak (even better if
using the transient portable service feature for auto-cleanup?) then
that could be one way to get elevated system access under an authorized
scenario.

What was rather tricky about it was that it requires passing a squashfs
or tarball (or something of that nature) for the portable service.

-- Christian
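The sequence Alexander describes in the quoted paragraph (set the no_new_privs flag with prctl, then create an unprivileged user namespace), as an added example in C. This is not code from the thread, from Flatpak or from bwrap; the helper names get_no_new_privs, set_no_new_privs and try_user_namespace are mine, and it assumes Linux with glibc. The unshare() is done in a forked child so the caller's own namespace is untouched, and the result is reported as an errno value rather than assuming unprivileged user namespaces are enabled on the host.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Read back the no_new_privs flag of the calling process: 1 if set, 0 if not,
 * -1 on error. Hypothetical helper name wrapping the real PR_GET_NO_NEW_PRIVS. */
int get_no_new_privs(void)
{
    return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
}

/* Set no_new_privs. Once set it cannot be cleared and is inherited across
 * fork() and execve(): setuid/setgid bits and file capabilities are ignored
 * on any later execve(), so nothing run inside the sandbox can be used to
 * regain root. Returns 0 on success, -errno on failure. */
int set_no_new_privs(void)
{
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    return 0;
}

/* Try to create an unprivileged user namespace in a forked child so the
 * caller's own namespace is untouched. Returns 0 if the child succeeded,
 * otherwise -errno as reported by the child: -EPERM is typical when
 * unprivileged user namespaces are disabled by sysctl, -EINVAL when the
 * kernel was built without CONFIG_USER_NS. */
int try_user_namespace(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -errno;
    if (pid == 0) {
        /* child: exit status carries errno (0 = success) */
        if (unshare(CLONE_NEWUSER) != 0)
            _exit(errno & 0xff);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -errno;
    if (!WIFEXITED(status))
        return -ECHILD;   /* child died abnormally; treat as failure */
    return -WEXITSTATUS(status);
}

int main(void)
{
    /* Order matters: give up the ability to gain privileges first,
     * then set up the namespace. */
    int rc = set_no_new_privs();
    printf("PR_SET_NO_NEW_PRIVS: %s\n", rc == 0 ? "ok" : strerror(-rc));
    printf("no_new_privs flag now: %d\n", get_no_new_privs());

    rc = try_user_namespace();
    if (rc == 0)
        printf("unshare(CLONE_NEWUSER): ok (unprivileged user namespaces available)\n");
    else
        printf("unshare(CLONE_NEWUSER): %s\n", strerror(-rc));
    return 0;
}
```

Run it as an ordinary user: the flag is always settable, while the namespace step tells you whether the host allows unprivileged user namespaces at all, which is exactly the precondition Flatpak relies on when it does not fall back to the setuid bwrap helper.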

