On Wed, Oct 2, 2024 at 11:35 AM Ilya Leoshkevich <i...@linux.ibm.com> wrote: > > On Wed, 2024-10-02 at 11:24 -0500, Noah Goldstein wrote: > > On Wed, Oct 2, 2024 at 11:14 AM Ilya Leoshkevich <i...@linux.ibm.com> > > wrote: > > > > > > On Wed, 2024-10-02 at 10:10 -0500, Noah Goldstein wrote: > > > > On Wed, Oct 2, 2024 at 9:53 AM Ilya Leoshkevich > > > > <i...@linux.ibm.com> > > > > wrote: > > > > > > > > > > On Wed, 2024-10-02 at 09:44 -0500, Noah Goldstein wrote: > > > > > > On Wed, Oct 2, 2024 at 9:38 AM Ilya Leoshkevich > > > > > > <i...@linux.ibm.com> > > > > > > wrote: > > > > > > > > > > > > > > On Wed, 2024-10-02 at 16:08 +0200, Laurent Vivier wrote: > > > > > > > > Le 02/10/2024 à 10:08, Ilya Leoshkevich a écrit : > > > > > > > > > On Fri, 2024-08-30 at 15:36 -0700, Noah Goldstein > > > > > > > > > wrote: > > > > > > > > > > The new option '-qemu-children' makes it so that on > > > > > > > > > > `execve` > > > > > > > > > > the > > > > > > > > > > child > > > > > > > > > > process will be launch by the same `qemu` executable > > > > > > > > > > that > > > > > > > > > > is > > > > > > > > > > currently > > > > > > > > > > running along with its current commandline arguments. > > > > > > > > > > > > > > > > > > > > The motivation for the change is to make it so that > > > > > > > > > > plugins > > > > > > > > > > running > > > > > > > > > > through `qemu` can continue to run on children. Why > > > > > > > > > > not > > > > > > > > > > just > > > > > > > > > > `binfmt`?: Plugins can be desirable regardless of > > > > > > > > > > system/architecture > > > > > > > > > > emulation, and can sometimes be useful for elf files > > > > > > > > > > that > > > > > > > > > > can > > > > > > > > > > run > > > > > > > > > > natively. Enabling `binfmt` for all natively runnable > > > > > > > > > > elf > > > > > > > > > > files > > > > > > > > > > may > > > > > > > > > > not be desirable. > > > > > > > > > > > > > > > > > > Another reason to have this is that one may not have > > > > > > > > > root > > > > > > > > > permissions > > > > > > > > > to configure binfmt-misc. > > > > > > > > > > > > > > > > A little note on that: binfmt_misc is now part of the > > > > > > > > user > > > > > > > > namespace > > > > > > > > (since linux v6.7), so you can > > > > > > > > configure binfmt_misc as a non root user in a given > > > > > > > > namepace. > > > > > > > > > > > > > > > > There is helper to use it with unshare from util-linux, > > > > > > > > you > > > > > > > > can > > > > > > > > do > > > > > > > > things like that: > > > > > > > > > > > > > > > > With 'F' flag, load the interpreter from the initial > > > > > > > > namespace: > > > > > > > > > > > > > > > > $ /bin/qemu-m68k-static --version > > > > > > > > qemu-m68k version 8.2.2 (qemu-8.2.2-1.fc40) > > > > > > > > Copyright (c) 2003-2023 Fabrice Bellard and the QEMU > > > > > > > > Project > > > > > > > > developers > > > > > > > > $ unshare --map-root-user --fork --pid > > > > > > > > --load-interp=":qemu- > > > > > > > > m68k:M::\\x7fELF\\x01\\x02\\x01\\x00\\x00\\x00\\x00\\x00\ > > > > > > > > \x00 > > > > > > > > \\x0 > > > > > > > > 0\\x > > > > > > > > 00\\x00\\x00\\x02\\x00\\x04:\\xff\\xff\\xff\\xff\\xff\\xf > > > > > > > > f\\x > > > > > > > > fe\\ > > > > > > > > x00\ > > > > > > > > \xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\xff\\x > > > > > > > > ff:/ > > > > > > > > bin/ > > > > > > > > qemu > > > > > > > > -m68k-static:OCF" > > > > > > > > --root=chroot/m68k/sid > > > > > > > > # QEMU_VERSION= ls > > > > > > > > qemu-m68k version 8.2.2 (qemu-8.2.2-1.fc40) > > > > > > > > Copyright (c) 2003-2023 Fabrice Bellard and the QEMU > > > > > > > > Project > > > > > > > > developers > > > > > > > > # /qemu-m68k --version > > > > > > > > qemu-m68k version 8.0.50 (v8.0.0-340-gb1cff5e2da95) > > > > > > > > Copyright (c) 2003-2022 Fabrice Bellard and the QEMU > > > > > > > > Project > > > > > > > > developers > > > > > > > > > > > > > > > > Without 'F' flag, from inside the namespace: > > > > > > > > > > > > > > > > $ unshare --map-root-user --fork --pid > > > > > > > > --load-interp=":qemu- > > > > > > > > m68k:M::\\x7fELF\\x01\\x02\\x01\\x00\\x00\\x00\\x00\\x00\ > > > > > > > > \x00 > > > > > > > > \\x0 > > > > > > > > 0\\x > > > > > > > > 00\\x00\\x00\\x02\\x00\\x04:\\xff\\xff\\xff\\xff\\xff\\xf > > > > > > > > f\\x > > > > > > > > fe\\ > > > > > > > > x00\ > > > > > > > > \xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\xfe\\xff\\x > > > > > > > > ff:/ > > > > > > > > qemu > > > > > > > > - > > > > > > > > m68k:OC" > > > > > > > > --root=chroot/m68k/sid > > > > > > > > # QEMU_VERSION= ls > > > > > > > > qemu-m68k version 8.0.50 (v8.0.0-340-gb1cff5e2da95) > > > > > > > > Copyright (c) 2003-2022 Fabrice Bellard and the QEMU > > > > > > > > Project > > > > > > > > developers > > > > > > > > # /qemu-m68k --version > > > > > > > > qemu-m68k version 8.0.50 (v8.0.0-340-gb1cff5e2da95) > > > > > > > > Copyright (c) 2003-2022 Fabrice Bellard and the QEMU > > > > > > > > Project > > > > > > > > developers > > > > > > > > > > > > > > > > Thanks, > > > > > > > > Laurent > > > > > > > > > > > > > > > > > > > > > > Thanks for posting this, I wasn't aware of this feature and > > > > > > > it > > > > > > > looks > > > > > > > really useful. > > > > > > > > > > > > > > IIUC it also resolves the main problem this patch is > > > > > > > dealing > > > > > > > with: > > > > > > > > > > > > I might misunderstand, but I don't think it does in the sense > > > > > > that it still might not be desirable to use the same qemu > > > > > > flags > > > > > > for the entire class of executables. > > > > > > > > > > > > I.e the original motivating case was wanting to attach > > > > > > some plugins to a process and its children and AFAICT > > > > > > binfmt still doesn't give that level of control. > > > > > > > > > > I think if you start a process in a user namespace, which has a > > > > > binfmt_misc handler for a certain class of binaries, then this > > > > > handler > > > > > will affect only this process and its children, and not the > > > > > rest of > > > > > the > > > > > system. > > > > > > > > It won't also affect other binaries in the user namespace? > > > > > > It would, but you should be able to create a user namespace just > > > for your program. It should also be possible to nest user > > > namespaces. > > > > Okay fair enough. Still pro this patch as an easier means > > but guess it loses any necessity. > > > > To be clear, are you rejecting? > > No, personally I still find it useful, because the systems with old > kernels will be around for quite some time.
:) > > > > > > > > Enabling `binfmt` for all natively runnable elf files may > > > > > > > not be desirable. >
