FS#76174 - [qemu-user-static-binfmt] Add O and C flags

Attached to Project: Arch Linux
Opened by Alex Medvědů (satcom886) - Tuesday, 11 October 2022, 22:20 GMT
Last edited by David Runge (dvzrv) - Sunday, 20 August 2023, 21:42 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Anatol Pomozov (anatolik)
David Runge (dvzrv)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Hi!

I recently changed from the AUR package that was removed (qemu-user-static-bin) and since then, running sudo in containers stopped working (sudo: effective uid is not 0). I thought the issue was with my containers, but eventually I found that this only happens with containers that are using QEMU emulation. I found this bug report that included a solution as well: https://github.com/multiarch/qemu-user-static/issues/17#issuecomment-518660227

I manually changed the flags on my machine from F to OCF and sudo in containers now works again.

Could the OCF flag be added to the new qemu-user-static-binfmt package?
This task depends upon

Closed by  David Runge (dvzrv)
Sunday, 20 August 2023, 21:42 GMT
Reason for closing:  Not a bug
Additional comments about closing:  Overrides for binfmt configuration can be provided via /etc/binfmt.d or /run/binfmt.d/
Comment by David Runge (dvzrv) - Thursday, 13 October 2022, 08:53 GMT
@satcom886: Thanks for the ticket!

Some of the flags have been discussed in https://bugs.archlinux.org/task/75855 (also see https://bugs.archlinux.org/task/75855#comment211062).

To quote the kernel documentation:

```
O - open-binary

Legacy behavior of binfmt_misc is to pass the full path of the binary to the interpreter as an argument. When this flag is included, binfmt_misc will open the file for reading and pass its descriptor as an argument, instead of the full path, thus allowing the interpreter to execute non-readable binaries. This feature should be used with care - the interpreter has to be trusted not to emit the contents of the non-readable binary.
C - credentials

Currently, the behavior of binfmt_misc is to calculate the credentials and security token of the new process according to the interpreter. When this flag is included, these attributes are calculated according to the binary. It also implies the O flag. This feature should be used with care as the interpreter will run with root permissions when a setuid binary owned by root is run with binfmt_misc.
```

I am not entirely convinced using these flags by default is a good idea.
Comment by Alex Medvědů (satcom886) - Thursday, 13 October 2022, 10:06 GMT
Oh shoot, sorry for the duplicate 😅. I tried searching for QEMU-related bugs here before opening, but I couldn't find anything relevant.

I was wondering why they're not default, this makes sense.
Comment by David Runge (dvzrv) - Thursday, 15 December 2022, 16:40 GMT
@satcom886: FTR: You can create your own overrides for this in /etc/binfmt.d/ or /run/binfmt.d/ (see https://man.archlinux.org/man/binfmt.d.5).
Comment by Alex Medvědů (satcom886) - Wednesday, 21 December 2022, 19:13 GMT
@dvzrv Oh yea, thanks, that's actually very helpful. I didn't know that.

Loading...