On 02/10/2024 at 16:53, Ilya Leoshkevich wrote:
On Wed, 2024-10-02 at 09:44 -0500, Noah Goldstein wrote:
On Wed, Oct 2, 2024 at 9:38 AM Ilya Leoshkevich <i...@linux.ibm.com> wrote:

On Wed, 2024-10-02 at 16:08 +0200, Laurent Vivier wrote:
On 02/10/2024 at 10:08, Ilya Leoshkevich wrote:
On Fri, 2024-08-30 at 15:36 -0700, Noah Goldstein wrote:
The new option '-qemu-children' makes it so that on `execve` the child
process will be launched by the same `qemu` executable that is currently
running along with its current commandline arguments.

The motivation for the change is to make it so that plugins running
through `qemu` can continue to run on children.  Why not just
`binfmt`?: Plugins can be desirable regardless of system/architecture
emulation, and can sometimes be useful for elf files that can run
natively. Enabling `binfmt` for all natively runnable elf files may
not be desirable.

Another reason to have this is that one may not have root permissions
to configure binfmt-misc.

A little note on that: binfmt_misc is now part of the user namespace
(since linux v6.7), so you can configure binfmt_misc as a non root user
in a given namespace.

There is a helper to use it with unshare from util-linux, you can do
things like that:

    With 'F' flag, load the interpreter from the initial namespace:

      $ /bin/qemu-m68k-static --version
      qemu-m68k version 8.2.2 (qemu-8.2.2-1.fc40)
      Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers
      $ unshare --map-root-user --fork --pid --load-interp=":qemu-m68k:M::\\x7fELF\\x01\\x02\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x04:\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\xff\\xff:/bin/qemu-m68k-static:OCF" --root=chroot/m68k/sid
      # QEMU_VERSION= ls
      qemu-m68k version 8.2.2 (qemu-8.2.2-1.fc40)
      Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers
      # /qemu-m68k  --version
      qemu-m68k version 8.0.50 (v8.0.0-340-gb1cff5e2da95)
      Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers

    Without 'F' flag, from inside the namespace:

      $ unshare --map-root-user --fork --pid --load-interp=":qemu-m68k:M::\\x7fELF\\x01\\x02\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x04:\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\xff\\xff:/qemu-m68k:OC" --root=chroot/m68k/sid
      # QEMU_VERSION= ls
      qemu-m68k version 8.0.50 (v8.0.0-340-gb1cff5e2da95)
      Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers
      # /qemu-m68k  --version
      qemu-m68k version 8.0.50 (v8.0.0-340-gb1cff5e2da95)
      Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers

Thanks,
Laurent


Thanks for posting this, I wasn't aware of this feature and it looks
really useful.

IIUC it also resolves the main problem this patch is dealing with:

I might misunderstand, but I don't think it does in the sense
that it still might not be desirable to use the same qemu flags
for the entire class of executables.

I.e. the original motivating case was wanting to attach
some plugins to a process and its children and AFAICT
binfmt still doesn't give that level of control.

I think if you start a process in a user namespace, which has a
binfmt_misc handler for a certain class of binaries, then this handler
will affect only this process and its children, and not the rest of the
system.


Yes, the binfmt_misc configuration is only available in the given namespace.

Thanks,
Laurent
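
To check which binaries the handler registered in the thread would actually claim inside the namespace, the rule string can be decoded and applied to ELF headers by hand. This is an added example, not code from the thread, QEMU or util-linux; the helper names and the sample headers are constructed for illustration, and only magic ('M') rules are handled.

```python
import re

# Rule from the thread's first --load-interp argument, as the kernel receives
# it: the shell has already turned each "\\" inside the double quotes into "\".
RULE = (r":qemu-m68k:M::\x7fELF\x01\x02\x01" + r"\x00" * 10 + r"\x02\x00\x04"
        + ":" + r"\xff" * 6 + r"\xfe\x00" + r"\xff" * 9 + r"\xfe\xff\xff"
        + ":/bin/qemu-m68k-static:OCF")

# Flag meanings as given in the kernel's binfmt_misc documentation.
FLAGS = {"P": "preserve argv[0]",
         "O": "pass the binary to the interpreter as an open fd",
         "C": "credentials computed from the binary, not the interpreter",
         "F": "interpreter opened at registration time (fix binary)"}

def unescape(field):
    """Decode the \\xHH escapes used in the magic and mask fields."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), field.encode("latin-1"))

def parse_rule(rule):
    """Split ':name:type:offset:magic:mask:interpreter:flags' on its delimiter."""
    name, kind, offset, magic, mask, interp, flags = rule[1:].split(rule[0])
    if kind != "M":
        raise ValueError("only magic ('M') rules are handled here")
    magic = unescape(magic)
    mask = unescape(mask) or b"\xff" * len(magic)   # empty mask: compare all bits
    if len(mask) != len(magic):
        raise ValueError("mask and magic must have the same length")
    return {"name": name, "offset": int(offset or 0), "magic": magic, "mask": mask,
            "interpreter": interp, "flags": flags,
            "flag_notes": [FLAGS[f] for f in flags]}

def matches(rule, header):
    """True if the masked bytes at the rule's offset equal the masked magic."""
    window = header[rule["offset"]:rule["offset"] + len(rule["magic"])]
    if len(window) < len(rule["magic"]):
        return False
    return all((h ^ g) & m == 0 for h, g, m in zip(window, rule["magic"], rule["mask"]))

def elf_header(ei_class, ei_data, osabi, e_type, e_machine):
    """Constructed sample: first 20 bytes of an ELF file (e_ident, e_type, e_machine)."""
    order = "big" if ei_data == 2 else "little"
    return (b"\x7fELF" + bytes([ei_class, ei_data, 1, osabi]) + bytes(8)
            + e_type.to_bytes(2, order) + e_machine.to_bytes(2, order))

if __name__ == "__main__":
    rule = parse_rule(RULE)
    print(rule["interpreter"], rule["flag_notes"])
    print("m68k PIE:", matches(rule, elf_header(1, 2, 3, 3, 4)))
    print("x86_64  :", matches(rule, elf_header(2, 1, 0, 2, 62)))
```

The mask shows why the rule is broader than a single header value: it ignores the OS ABI byte and the low bit of `e_type`, so both `ET_EXEC` and `ET_DYN` m68k binaries are routed to the interpreter, while native x86_64 binaries are untouched.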

