[Bug 776392] Re: finish user session support
Dmitrijs Ledkovs
launchpad at surgut.co.uk
Sat Nov 2 23:30:22 UTC 2013
given that chroots are mostly replaced by containers, when one actually wants to isolate networking and run services.
and that enhanced user-session init has been introduced, can this bug now be closed?
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to upstart in Ubuntu.
https://bugs.launchpad.net/bugs/776392
Title:
finish user session support
Status in “upstart” package in Ubuntu:
New
Bug description:
Binary package hint: upstart
Upstart in Natty introduced a framework to allow users to create and
manage their own upstart jobs.
This bug is to elaborate the support for user sessions and enable them
for oneiric.
Known problems that need to be overcome before user sessions can be
enabled:
= Known Issues =
== User Sessions do not Function Within a Chroot Environment ==
This appears to be because dbus itself is not workable within a
chroot. The Upstart chroot support added in natty side-steps this
issue by using the private (and hence root-only) comms link between
initctl and the init daemon (outside the chroot).
== Primary Group Query via D-Bus ==
D-Bus does not currently expose a public API call to allow Upstart to
query a users primary group. _dbus_user_info_fill_uid () seems to
exist for this but is a "secret" API (not in the public headers).
This needs to be addressed since without it, we cannot support user
sessions within a chroot environment without making the probably
invalid assumption that a chroot users primary group is identical to
the equivalently-named non-chroot-users primary group.
== Inability to Distinguish User Jobs from System Jobs ==
In Natty, if a user creates a job config file in ~/.init/, this will
be displayed by "initctl list". However, if that job were called say
"cron.conf", there would be two entries in "initctl list": one for the
system job called "cron" (/etc/init/cron.conf) and the other for the
users job (~/.init/cron.conf). This is in itself not a problem, but
what is an issue is that it is not possible to distinguish between the
two using initctl alone.
A simplistic solution to this problem would be a new switch on initctl
to show only user jobs and change initctl to *NOT* show user jobs by
default. This would make sense from a backwards-compatibility
perspective.
A better solution would be to modify the existing D-Bus method
GetJobByName such that it also returned ownership information
(essentially the Session object). This would allow initctl to annotate
the output of "initctl list" with owner details.
== Testing ==
=== Scenarios ===
User sessions -- like chroot support, which is built upon the same
foundation -- require careful testing. When enabled we have the
following primary scenarios to test:
- root job in non-chroot environment ("traditional" method of operation - available now).
- non-root job in non-chroot environment (aka non-chroot user job).
- root job in chroot environment (available now).
- non-root job in chroot environment (user job in chroot).
Careful consideration needs to be given to potential privilege
escalation issues.
=== Infrastructure ===
The existing Upstart test framework cannot currently accommodate
system/scenario tests as listed above.
Questions:
- How can we automatically handle the scenarios above? Can we use fakeroot/LD_PRELOAD to simulate root test runs?
- How do we handle full chroot testing?
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/776392/+subscriptions
More information about the foundations-bugs
mailing list