Proposal for changes in become root
Xavi Hernandez
xhernandez at gmail.com
Mon Apr 22 09:11:30 UTC 2024
Hi all,
One of the things I've found during my work with Samba and CephFS is that
CephFS (and actually most (all ?) other remote filesystems accessed without
using a kernel mount) don't really care about the effective uid/gid of the
process because the credentials to use for a given operation are actually
passed as an additional argument to the appropriate function of the remote
filesystem.
So changing the user to root and back to the connection user adds a lot of
unnecessary system calls in some workloads.
To avoid this overhead in those cases, I'm thinking if it could be possible
to implement that functionality in a VFS module as a new stacked function.
The idea is that become_root() (and maybe other functions) instead of
directly changing the process owner, they should call the VFS stack. If
none of the VFS modules provides an alternative, then vfs_default would
implement the system call equivalent to what is currently done. On the
other hand, if a VFS module has a better way to implement that, it could
intercept the request and do whatever changes are necessary internally to
send future requests using the new credentials, but completely avoiding the
unnecessary syscalls.
I'm not sure if this could even have other benefits to implement
alternative privilege escalation methods as regular VFS modules.
What do you think ?
Thanks,
Xavi
More information about the samba-technical
mailing list