Namespace for binfmt?

Registered by Serge Hallyn on 2012-10-03

binfmt_misc (miscellaneous binary formats) is a kernel module which supports the specification of userspace interpreters for binaries executed by userspace. By specifying an invalid binfmt for ELF, it is possible for a confused chroot or package to destroy the ability of the host to execute any binaries.

By introducing a namespace for binfmts, a chroot could be prevented from changing the binary formats usable on the host.
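
An added example, not part of the blueprint or of any package's scripts: a Python check that reads binfmt_misc entries and reports any enabled entry whose magic and mask match the host's own ELF header, which is the condition described above. The sample header and entry texts are constructed, and the function names are hypothetical.

```python
import sys
from pathlib import Path

BINFMT_DIR = Path("/proc/sys/fs/binfmt_misc")
# Constructed samples: start of an amd64 PIE executable and two entry files.
SAMPLE_AMD64_HEADER = bytes.fromhex("7f454c4602010100000000000000000003003e0001000000")
SAMPLE_ENTRIES = {
    "qemu-arm": "enabled\ninterpreter /usr/bin/qemu-arm-static\nflags: \noffset 0\n"
                "magic 7f454c4601010100000000000000000002002800\n"
                "mask ffffffffffffff00fffffffffffffffffeffffff\n",
    "qemu-x86_64": "enabled\ninterpreter /usr/bin/qemu-x86_64-static\nflags: \noffset 0\n"
                   "magic 7f454c4602010100000000000000000002003e00\n"
                   "mask fffffffffffefe00fffffffffffffffffeffffff\n",
}

def parse_entry(text):
    """Parse one binfmt_misc entry file; extension-type entries keep an empty magic."""
    entry = {"enabled": False, "interpreter": "", "offset": 0, "magic": b"", "mask": None}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "enabled":
            entry["enabled"] = True
        elif key == "interpreter":
            entry["interpreter"] = value
        elif key == "offset":
            entry["offset"] = int(value)
        elif key in ("magic", "mask"):
            entry[key] = bytes.fromhex(value)
    return entry

def captures(entry, header):
    """True if an enabled magic-type entry would claim a file starting with header."""
    magic, off = entry["magic"], entry["offset"]
    if not entry["enabled"] or not magic or len(header) < off + len(magic):
        return False
    mask = entry["mask"] or b"\xff" * len(magic)
    window = header[off:off + len(magic)]
    # Same test as the kernel: every masked byte of the file equals the magic.
    return all(((h ^ m) & k) == 0 for h, m, k in zip(window, magic, mask))

def shadowing_entries(entries, native_header):
    """Names of entries (name -> file text) that match the host's own binaries."""
    return sorted(n for n, t in entries.items() if captures(parse_entry(t), native_header))

if __name__ == "__main__" and BINFMT_DIR.is_dir():
    live = {p.name: p.read_text() for p in BINFMT_DIR.iterdir()
            if p.name not in ("register", "status")}
    header = Path(sys.executable).read_bytes()[:64]  # assumption: a native ELF
    print("entries claiming native binaries:", shadowing_entries(live, header))
```

Run on the host, an empty list means no registered format claims the host's native executables.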

Blueprint information

Status:
Not started
Approver:
Dave Walker
Priority:
Medium
Drafter:
Ubuntu Server
Direction:
Approved
Assignee:
Serge Hallyn
Definition:
Approved
Series goal:
Accepted for raring
Implementation:
Deferred
Milestone target:
ubuntu-13.04-feature-freeze

Whiteboard

User Stories:

Aboo installs qemu-user-static:i386 on his amd64 host. He is
now unable to execute any amd64 ELF binaries, including sync and
poweroff.

Risks:

Upstream (kernel) rejects the idea.

Test Plans:

* Install
  * qemu-user-static:i386 on amd64 host
  * qemu-user-static:amd64 in i386 userspace on amd64 kernel

* Run full ltp, qemu, libvirt, and lxc testsuites on any proposed kernel change.

Release Note:

Notes:
  * related bug: http://pad.lv/427863
  * I don't seem able to make qemu-user-static in an i386 chroot on an amd64
    host break the host in raring. (In precise I can.) Therefore I removed the
    work item for adding a check for that condition to qemu-user-static.postinst.

Work Items

Work items:
[cjwatson] write a formal userspace rationale for binfmt namespace: POSTPONED
[smb] (or serge-hallyn) consider querying about a -o newinstance mount option to binfmt_misc filesystem (problem is how to tie that to task doing exec): POSTPONED
[serge-hallyn] talk to stefan-bader-canonical about possible ns implementation: POSTPONED
[smb] consider implementing binfmt namespace: POSTPONED
