Add new "machinectl shell" command for su(1)-like behaviour #1022

Merged
merged 15 commits into from Aug 25, 2015

6 participants
@poettering
Member

poettering commented Aug 24, 2015

This adds a new "machinectl shell" command that we can use for creating su(1)-like privileged sessions, that are fully isolated from the original session.

poettering added some commits Aug 23, 2015

core: optionally create LOGIN_PROCESS or USER_PROCESS utmp entries
When generating utmp/wtmp entries, optionally add both LOGIN_PROCESS and
INIT_PROCESS entries or even all three of LOGIN_PROCESS, INIT_PROCESS
and USER_PROCESS entries, instead of just a single INIT_PROCESS entry.

With this change systemd may be used to not only invoke a getty directly
in a SysV-compliant way but alternatively also a login(1) implementation
or even forego getty and login entirely, and invoke arbitrary shells in
a way that they appear in who(1) or w(1).

This is preparation for a later commit that adds a "machinectl shell"
operation to invoke a shell in a container, in a way that is compatible
with who(1) and w(1).

core: open up more executable properties via the bus
This is preparation for a later commit that makes use of these
properties for spawning an interactive shell in a container.

machined: add new OpenShell() bus call
This new bus call opens an interactive shell in a container. It works
like the existing OpenLogin() call, but does not involve getty, and
instead opens an arbitrary command line.

This is similar to "systemd-run -t -M" but is controlled by a specific
PolicyKit privilege.

machinectl: add new "machinectl shell" command
This makes use of machined's new OpenShell() command and allows opening
a new interactive shell in any container.

machined: always look for leader PID first
When looking for the machine belonging to a PID, always look for the
leader first, only then fall back to a cgroup check. We keep direct
track of the leader PID, but only indirectly of the cgroup, hence prefer
the PID.

util: make hostname_is_valid() easier to read
Add more comments, and rename some parameters and variables to be more
expressive.

util: make machine_name_is_valid() a macro and move it to hostname-util.h

As it turns out machine_name_is_valid() does the exact same thing as
hostname_is_valid() these days, as it just invoked that and checked the
name length was < 64. However, hostname_is_valid() checks the length
against HOST_NAME_MAX anyway (which is 64 on Linux), hence any
additional check is redundant.

We hence replace machine_name_is_valid() by a macro that simply maps it
to hostname_is_valid() but sets the allow_trailing_dot parameter to
false. We also move this call to hostname-util.h, to the same place
as the hostname_is_valid() declaration.

machined: validate machine names at more places
When enumerating machines from /run, and when accepting machine names
for operations, be more strict and always validate.

Note that these checks are strictly speaking unnecessary, since
enumeration happens only on the trusted /run...

machined: introduce pseudo-machine ".host" referring to the host system

Some of the operations machined/machinectl implement are also very
useful when applied to the host system (such as machinectl login,
machinectl shell or machinectl status), hence introduce a pseudo-machine
by the name of ".host" in machined that refers to the host system, and
may be used to execute operations on the host system with.

This copies the pseudo-image ".host" machined already implements for
image related commands.

(This commit also adds a PK privilege for opening a PTY in a container,
which was previously not accessible for non-root.)

machinectl: don't show ".host" pseudo-machine in list by default
Let's hide all machines whose name begins with "." by default, thus
hiding the ".host" pseudo-machine, unless --all is specified. This
takes inspiration from the ".host" image handling in "machinectl
list-images" which also hides all images whose name starts with ".".

machined: userns is only supported for container-class machines
We do not support userns for VM machines or for the host itself.

systemctl: properly handle empty control group paths in "status"
When showing the status of the "-.slice" slice root unit (whose reported
cgroup path is ""), we suppressed the cgroup tree so far, because we
skipped it for all units with an empty cgroup path. Let's fix that, and
properly handle the empty cgroup path.

machined: beef up PolicyKit actions
Introduce separate actions for creating login or shell sessions for
the local host or a local container. By default allow local unprivileged
clients to create new login sessions (which is safe, since getty will
ask for username and authentication).

Also, imply login privs from shell privs, as well as shell and login
privs from manage privs.

machinectl: make machine name parameters for "shell" and "login" optional

If no machine name is specified, imply that we connect to ".host", i.e.
the local host.

machinectl: extend the "shell" syntax to take user@container names
In order to make "machinectl shell" more similar to ssh, allow the
following syntax to connect to a container under a specific username:

        machinectl shell lennart@fedora

Also beefs up related man page documentation.
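
The name handling described in the commit messages above (machine names checked like hostnames with no trailing dot, an omitted machine name meaning ".host", and the user@container syntax), as an added C example that is not systemd's own code. `name_is_valid()`, `machine_name_ok()` and `parse_shell_target()` are hypothetical names, and the accepted character set (alphanumerics, `-`, `_`, `.`) is an assumption.

```c
#include <ctype.h>
#include <errno.h>
#include <stdbool.h>
#include <string.h>

#define NAME_MAX_LEN 64 /* HOST_NAME_MAX on Linux, per the commit message */
/* Illustrative stand-in for hostname_is_valid(); the character rules are assumed. */
static bool name_is_valid(const char *s, bool allow_trailing_dot) {
    size_t n = s ? strlen(s) : 0;
    bool dot = true; /* starts true so that a leading dot is rejected */
    if (n == 0 || n > NAME_MAX_LEN)
        return false;
    for (const char *p = s; *p; p++) {
        if (*p == '.') {
            if (dot) /* leading dot or empty label ("..") */
                return false;
            dot = true;
        } else if (isalnum((unsigned char) *p) || *p == '-' || *p == '_')
            dot = false;
        else /* '/', '@', whitespace, control characters, ... */
            return false;
    }
    return !dot || allow_trailing_dot;
}

/* As the commit describes: the machine check only pins allow_trailing_dot to false. */
#define machine_name_ok(s) name_is_valid((s), false)

/* Split "[user@]machine"; an absent machine part selects the ".host" pseudo-machine. */
static int parse_shell_target(const char *arg, char *user, size_t ulen,
                              char *machine, size_t mlen) {
    const char *at = strchr(arg, '@');
    const char *m = at ? at + 1 : arg;
    size_t u = at ? (size_t) (at - arg) : 0;
    if (u >= ulen)
        return -EINVAL;
    memcpy(user, arg, u); /* the user part is only split off, not validated here */
    user[u] = '\0';
    if (!*m) m = ".host";
    /* ".host" is the one dot-prefixed name let through; everything else is checked. */
    if ((strcmp(m, ".host") != 0 && !machine_name_ok(m)) || strlen(m) >= mlen)
        return -EINVAL;
    strcpy(machine, m);
    return 0;
}

int main(void) { /* constructed input: exit status 0 when it parses */
    char u[32], m[NAME_MAX_LEN + 1];
    return parse_shell_target("lennart@fedora", u, sizeof u, m, sizeof m) ? 1 : 0;
}
```

Because `/` and a leading dot are both rejected, a name that passes the check cannot escape the directory when it is later used as a path component.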

@poettering poettering added the machine label Aug 24, 2015

teg commented on src/shared/utmp-wtmp.c in 023a4f6 Aug 25, 2015

redundant

Owner

poettering replied Aug 25, 2015

what is supposed to be redundant? note that we use the same "store" utmp struct, and first set .ut_type to INIT_PROCESS, then to LOGIN_PROCESS and finally to USER_PROCESS, each time calling write_entry_both()... I don't see what is redundant here?

teg replied Aug 25, 2015

d'oh, i misread. Ignore me.

teg commented on man/systemd.exec.xml in 023a4f6 Aug 25, 2015

Should be "getty-compatible", so missing a hyphen.

Owner

poettering replied Aug 25, 2015

Will fix.

teg commented on 023a4f6 Aug 25, 2015

Tiny nits. Otherwise looks good.

teg commented on 506711f Aug 25, 2015

Looks fine.

teg commented on 49af9e1 Aug 25, 2015

Looks fine.

teg commented on b59abc4 Aug 25, 2015

Looks good.

teg commented on 25300b5 Aug 25, 2015

Looks good.

teg commented on b9a8d25 Aug 25, 2015

Looks good.

teg commented on fee6d01 Aug 25, 2015

Looks fine.

teg commented on a79366e Aug 25, 2015

Looks fine.

teg commented on b04c25f Aug 25, 2015

Looks fine.

teg Aug 25, 2015

"is required to acquire" (also above)

Owner

poettering replied Aug 25, 2015

Will fix.

teg commented on 4289c3a Aug 25, 2015

Looks fine.

teg commented on man/machinectl.xml in 91913f5 Aug 25, 2015

Note that

teg commented on 91913f5 Aug 25, 2015

Looks fine.

teg commented on ef3100e Aug 25, 2015

Looks fine.

teg commented on c454426 Aug 25, 2015

Looks fine.

teg commented on 077c8c3 Aug 25, 2015

Looks good.

teg commented on fbe5507 Aug 25, 2015

Looks good.

teg added a commit that referenced this pull request Aug 25, 2015

Merge pull request #1022 from poettering/machinectl-shell
Add new "machinectl shell" command for su(1)-like behaviour

@teg teg merged commit 498fb56 into systemd:master Aug 25, 2015

1 check passed

semaphoreci The build passed on Semaphore.
Contributor

johannbg commented Aug 25, 2015

Took only 2 years almost to date for 1000200 bz.rh to be implemented. Better late than never ; ) This one will be appreciated by administrators ;)

the new session from the originating session, so that it
shares no process or session properties, and is in a clean and
well-defined state. It will be tracked in a new utmp, login,
audit and keyring session, and will not inherit an environment

@vcaputo

vcaputo Aug 25, 2015

Member

s/an/any/

@poettering

poettering Aug 26, 2015

Member

Fixed via #1048. Thanks!

kergalym commented Aug 29, 2015

For what it needed to use? For safety adjusting in-chroot systems?

giannisalinetti commented Aug 29, 2015

I have a silly question: Is it going to coexist in parallel with the old su?

Member

poettering commented Aug 30, 2015

For what it needed to use? For safety adjusting in-chroot systems?

machinectl shell is useful for getting shell sessions that are entirely isolated from the originating session in local containers or the host.

I have a silly question: Is it going to coexist in parallel with the old su?

Sure.

Please note that this is not a discussion forum, but an issue and patch tracker. Please redirect questions like these elsewhere, such as the systemd mailing list.

@systemd systemd locked and limited conversation to collaborators Aug 30, 2015
