From owner-freebsd-hackers@freebsd.org Wed Mar 14 01:35:06 2018 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3EA06F3A584 for ; Wed, 14 Mar 2018 01:35:06 +0000 (UTC) (envelope-from nonesuch@longcount.org) Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id A3D80812F2 for ; Wed, 14 Mar 2018 01:35:05 +0000 (UTC) (envelope-from nonesuch@longcount.org) Received: by mail-wm0-x22a.google.com with SMTP id h21so976151wmd.1 for ; Tue, 13 Mar 2018 18:35:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=longcount-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=fD8lb8MgTZ+lHtYLdUWYTsQgZwLBL7TRD/P7pYSLe00=; b=KdptHDccphI33pWvrEBNf75sxPzJdaWvJzW/AQHeL7HKAPHykpsoF8aBDh3THS5A9P Nv60WgZguEo6k9xJzSmwzAu23L7V6AoN7F7YbN4l2ieEzfSjTifzH3qeXF7mjFpPJRmz f3OfTMobgJzZYEWblDSlMuQSaxWYnP/eleJNOd2U0SJs0XRn3GaeWKMJlg21TBtn7oFX URhofosvFEMA3Md3K45Xzy3IIx2wnOCxxf9NnBQqUaJzGpu1DbUtqToDgaHoFOMGnH+8 wBQ7Fheajo609HorYOT2+B/y2j9TnzJdickxGrnDJG6VkI2caQboRuq3feDYhsIHYdP4 XADg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=fD8lb8MgTZ+lHtYLdUWYTsQgZwLBL7TRD/P7pYSLe00=; b=uC2HBpvdKMcJaezeZAjQdGD0VOGkVrPX6k1gTtQBTNh+99qk1itA1KkRf3g1x7mrD1 ppeBK7u+P0gEtO5H86xtJqYNFKiwMK68pyjAOfn6c4FNbrRwGikGr/7gF1IrpDBCwvmG KAR4Tn+6BW8aTjq0S6pejVlUUaNb9danuoXhxbA3zILegjaaNVZMo0w/Xs1ZQ46L3/xT KhGRC8mPoPzpnlkwRq9IHv50nowgLfTZ4PhXiUQ1he8FOPgL/TtBlbWpfwTMyM4g/wQM ridh5qKNhSIRGTn+WF4PHXvN82FfperpGSiwmwnoua80cdX5yjz/4NRJJmR0STqMoB14 fGlA== X-Gm-Message-State: AElRT7FpjmnMNxgDHGCB9NppTmntolxnC/gl7BmDK0HBXyuPPsu8IOH9 GYuFqqBbtA1UrsEcDEbL5GauRbwm+RRFYvqQqyp5sw== X-Google-Smtp-Source: AG47ELtH/P4CotK3TaY92vAGmPFGLXu5zLlTXxUvSqAh8h8z0ptgJZ6jWkGVxm74vtd3lPZ3K+mrMObGoSQ2UeIgSnQ= X-Received: by 10.80.136.85 with SMTP id c21mr2808227edc.259.1520991304462; Tue, 13 Mar 2018 18:35:04 -0700 (PDT) MIME-Version: 1.0 Received: by 10.80.140.35 with HTTP; Tue, 13 Mar 2018 18:35:04 -0700 (PDT) X-Originating-IP: [67.82.37.227] In-Reply-To: <201803140125.w2E1Ps8j085810@pdx.rh.CN85.dnsmgr.net> References: <201803140125.w2E1Ps8j085810@pdx.rh.CN85.dnsmgr.net> From: Mark Saad Date: Tue, 13 Mar 2018 21:35:04 -0400 Message-ID: Subject: Re: GSoC Idea: per-process filesystem namespaces for FreeBSD To: "Rodney W. Grimes" Cc: Warner Losh , Kristoffer Eriksson , "freebsd-hackers@freebsd.org" , Theron Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2018 01:35:06 -0000 On Tue, Mar 13, 2018 at 9:25 PM, Rodney W. Grimes wrote: >> > On Mar 13, 2018, at 7:16 PM, Warner Losh wrote: >> > >> > >> > >> >> On Tue, Mar 13, 2018 at 4:31 PM, Mark Saad w= rote: >> >> >> >>> On Mar 13, 2018, at 5:43 PM, Warner Losh wrote: >> >>> >> >>>> On Tue, Mar 13, 2018 at 1:55 PM, Kristoffer Eriksson = wrote: >> >>>> >> >>>> >> >>>>> On 13 Mar 2018 12:53:18, Theron wrote: >> >>>>> For those unfamiliar with Plan9, here is a rough explanation of th= e >> >>>>> namespace feature: unlike in Unix, where all processes share the s= ame >> >>>>> virtual filesystem, each process instead has its own view of the >> >>>>> filesystem according to what has been mounted ... >> >>>> >> >>>> What if I mount a new /etc with a passwd file where root has no >> >>>> password, and then run "su"? >> >>>> >> >>>> (How does Plan9 handle that?) >> >>>> >> >>> >> >>> Plan9 handles that by having a daemon that does user authentication.= It's >> >>> actually more complicated than that, but the machine owner has contr= ol over >> >>> who can do what. For this to work in FreeBSD, either we'd need to di= sallow >> >>> the 'file' type for passwd, or we'd have to do something sensible wi= th >> >>> setuid programs. Well, maybe not 'or' but 'and' since the security o= f >> >>> setuid programs depends on the security of the filesystem.... Plan 9 >> >>> doesn't have these complications, so it can offer a user malleable >> >>> filesystem without security risk. >> >>> >> >>> Warner >> >> >> >> A kind of related task; FreeBSD could benefit from : Fixing and imp= roving unionfs / nullfs. There are some weird issues with the current union= fs and while it works in many cases there are some edge cases where the com= ments are something like ? FreeBSD needs a proper stacking vfs ...? the e= xamples I can think of ; imagine you have a jail , chroot or even a Pxe boo= ted system where you want a a read only null mount from the hosts /bin to t= he targets /bin . Now expand that to most of the base system and the mount = tmpfs?s for /tep /var/log etc. most of that works but try to unmount it in= the wrong order or thrash a unionfs with lots of writes ,on top of a tmpfs= and things break . >> >> So to be clear the project would be to better document the various us= es of unionfs and nullfs that work , for the ones that do not diving into t= he stacking vfs and seeing if it could be implemented and if it would help = . >> >> >> >> Alternatively making FreeBSD multiboot compliant would rock . This wo= uld allow FreeBSD to natively boot from ipxe or syslinux derivates; thus al= lowing you to boot a working FreeBSD install via a kernel and mfsroot image= off a web server . >> > >> > There appears to already be a multiboot.c in the bootloader. I've been= told by others in the past it just works... >> > >> > Warner >> >> I am going down the rabbit hole to see how it works . > > If you have any questions I am happy to share my working tooling. > I think you are both missing my point. I can boot FreeBSD with ipxe loading mfsbsd style setups like this :freebsd initrd ${base-root}/freebsd/mfsroot.gz chain ${base-root}/other/memdisk harddisk raw I want to be able to boot and run it like I would Linux or ESXi with the ability to directly load an kernel and a mfsroot/initrd and pass kernel loader arguments :centos674 set centos674_args edd=3Doff ramdisk_size=3D50000 nomodeset ks=3D${centos-root}/CentOS6.7_x64/ks/supermicro-4drives.ks ksdevice=3D${net0/mac} verbose ip=3Ddhcp root-path=3D${centos-root}/CentOS6.7_x64/OS/ net.ifnames=3D0 biosdevname=3D= 0 nousb echo ${centos674_args} kernel ${base-root}/centos/CentOS6.7_x64/isolinux/vmlinuz ${centos674_args} initrd ${base-root}/centos/CentOS6.7_x64/isolinux/initrd.img > ... > > isc-dhcp from ports, > base system tftp setup via inetd > some bits of syslinix 6.03 > proper set of iPXE.exe binaries built with iSCSI, http and nfs support, > you wont need iSCSI, I use that for other things like Windblows. > I boot direct from iPXE to nfs loaded kernel, only thing tftp is used > for is getting a modern version of iPXE onto the booting system. > > iPXE loads a menu.ipxe to allow OS selection. > menu.ipxe loads /boot/pxeboot via NFS > YOU SHALL HAVE ISSUES HERE most pxeboot images are broken > pxeboot loads kernel via NFS > kernel runs, end up in /etc/rc.diskless that does the rest of the magic. > > > -- > Rod Grimes rgrimes@freebs= d.org --=20 mark saad | nonesuch@longcount.org