* Present
+ Tor, Michael, Ash
* mounting & chroot
+ ro bind mount...
* how does the sticky bit solve the problem ?
+ stops renames
#1 wsd drops it in the temp directory
+ race here ...
#2 forkit changes its uid etc.
#3 kit process can't remove / write into it.
=> not so convinced it works.
* Current foo:
#1 Try to bind-mount
#2 Try to hard-link -> skipped for stackable
#3 Try to copy & then hard-link
#4 Fall-back to copy.
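The hard-link-then-copy part of that fallback chain, as an added example in C that is not code from these notes or from the project. The bind-mount step is omitted because it needs CAP_SYS_ADMIN and belongs in a privileged helper; the file names under /tmp and the "hosts" payload are constructed for the demo.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Outcome of populating one file into a jail. Mirrors the fallback order in
   the notes minus the bind-mount step, which needs CAP_SYS_ADMIN (left to a
   privileged helper, not attempted here). */
enum jail_method { JAIL_FAILED = 0, JAIL_HARDLINK = 1, JAIL_COPIED = 2 };

/* Plain byte copy src -> dst (dst must not exist); keeps the mode bits.
   Returns 0 on success, -1 on error (and removes a partial dst). */
int copy_file(const char *src, const char *dst)
{
    int in = open(src, O_RDONLY | O_CLOEXEC);
    if (in < 0) return -1;
    struct stat st;
    if (fstat(in, &st) < 0) { close(in); return -1; }
    int out = open(dst, O_WRONLY | O_CREAT | O_EXCL | O_CLOEXEC, st.st_mode & 0777);
    if (out < 0) { close(in); return -1; }
    char buf[65536];
    int rc = 0;
    for (;;) {
        ssize_t n = read(in, buf, sizeof buf);
        if (n < 0) { rc = -1; break; }
        if (n == 0) break;
        for (ssize_t off = 0; off < n; ) {
            ssize_t w = write(out, buf + off, (size_t)(n - off));
            if (w < 0) { rc = -1; break; }
            off += w;
        }
        if (rc) break;
    }
    if (close(out) < 0) rc = -1;
    close(in);
    if (rc) unlink(dst);
    return rc;
}

/* One syscall when it works: link() shares the inode with the template, so
   nothing is copied and the jail cannot silently drift from systemplate.
   Fall back to a copy when the link is refused: EXDEV across filesystems
   (the stackable/overlay case), EPERM under fs.protected_hardlinks=1 without
   ownership or CAP_FOWNER, or EMLINK. A pre-existing dst is an error, not a
   reason to overwrite. */
enum jail_method populate_jail_file(const char *src, const char *dst)
{
    if (link(src, dst) == 0) return JAIL_HARDLINK;
    if (errno == EEXIST) return JAIL_FAILED;
    return copy_file(src, dst) == 0 ? JAIL_COPIED : JAIL_FAILED;
}

/* Self-check: stage a constructed template file under /tmp, populate a fresh
   per-document jail dir from it, verify the bytes read back and (for a link)
   that the inode is shared, then clean up. Returns the method used, or
   JAIL_FAILED on any error or mismatch. */
enum jail_method demo_populate(void)
{
    static const char payload[] = "127.0.0.1 localhost (constructed hosts file)\n";
    const size_t plen = sizeof payload - 1;
    char tmpl[] = "/tmp/systemplate-hosts-XXXXXX";
    int fd = mkstemp(tmpl);
    if (fd < 0) return JAIL_FAILED;
    int wrote = write(fd, payload, plen) == (ssize_t)plen;
    close(fd);
    char jail[] = "/tmp/jail-XXXXXX";
    if (!wrote || !mkdtemp(jail)) { unlink(tmpl); return JAIL_FAILED; }
    char dst[PATH_MAX];
    snprintf(dst, sizeof dst, "%s/hosts", jail);

    enum jail_method m = populate_jail_file(tmpl, dst);
    int ok = 0;
    int rfd = open(dst, O_RDONLY);
    if (rfd >= 0) {
        char buf[sizeof payload];
        ssize_t n = read(rfd, buf, sizeof buf);
        ok = n == (ssize_t)plen && memcmp(buf, payload, plen) == 0;
        if (ok && m == JAIL_HARDLINK) {
            struct stat a, b;
            ok = fstat(rfd, &a) == 0 && stat(tmpl, &b) == 0
                 && a.st_ino == b.st_ino && a.st_nlink == 2;
        }
        close(rfd);
    }
    unlink(dst); rmdir(jail); unlink(tmpl);
    return ok ? m : JAIL_FAILED;
}
```

Because a hard link shares the inode, the template file's own mode bits are what stop a kit writing through it; whether the kit can unlink or rename the link is decided by the jail directory's permissions (the sticky-bit discussion above). A copy has neither property for free, which is why the notes prefer the link where the filesystem allows it.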
* Docker:
+ bind mounting works ? ...
+ has to be run as privileged.
=> don't think this is the default.
* Problems with bind mount:
+ /etc/hosts -> stale / complain & fallback (?)
+ problem: we can't write into the systemplate from loolwsd
+ if we can't update systemplate.
+ updateDynamicFilesImpl
* Normal bind mounts:
/dev/nvme0n1p3 on jails/8qrO13439YRs235G type btrfs ro -> systemplate
/dev/nvme0n1p3 on jails/8qrO13439YRs235G/lo type btrfs ro -> lo-template ? /opt/collaboraoffice/...
/dev/nvme0n1p3 on jails/8qrO13439YRs235G/tmp type btrfs rw -> empty & write-able.
https://man7.org/linux/man-pages/man2/setns.2.html
Mount namespaces
Changing the mount namespace requires that the caller
possess both CAP_SYS_CHROOT and CAP_SYS_ADMIN capabilities
in its own user namespace and CAP_SYS_ADMIN in the user
namespace that owns the target mount namespace.
* BSD uses mount:
tools/mount.c:
#ifdef __FreeBSD__
* Files in the jails:
+ 8k of these ... -> a lot of syscalls if we do this manually.
+ link works with CAP_FOWNER fairly nicely ...
+ there in docker defaults.
* Have a reliable way to update the systemplate (?)
+ solve the fonts case too ?
* systemplate -> has 4k files ...
* FUSE -> un-privileged ?
+ CAP_SYS_ADMIN needed for FUSE (?)
* Files:
+ /usr/share/zoneinfo -> 2k files.
+ order of ~500 fonts ...
* download fonts ... (Tor)
+ opens the fontconfig file again and mmaps it.
+ pre-load all the fonts in the preinit.
* Currently -> 1.8k separate memory maps in forkit process.
=> reduce this by static linking COOL -> long run.
* mapping fonts only for new processes ... [!] ...
* freetype -> does it hold fonts open / mapped ?
+ ...
* patch cairo & pixman already
+ could patch / check this to not re-load fonts (?)
* Possible:
+ mmap the fonts first ...
+ possible to make kit processes do this ...
+ sudo strace - and see ...
* CAP_SYS_ADMIN issue
+ don't want this for forkit due to code weight
+ but need for setns / clone NS magic.
+ which is why we have separate helpers for this.
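A way to find out, before forking, which of the privileged paths above a process can even attempt: the setns(2) requirement quoted earlier (CAP_SYS_CHROOT plus CAP_SYS_ADMIN) and the CAP_FOWNER needed to hard-link files you do not own. This is an added example in C, not code from the notes or from the project; it reads CapEff from /proc/self/status, and the capability numbers are the ones from linux/capability.h. It only covers the caller's own user namespace; setns into another mount namespace additionally needs CAP_SYS_ADMIN in the user namespace owning the target.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Capability numbers as defined in linux/capability.h. */
#define CAP_FOWNER      3
#define CAP_SYS_CHROOT 18
#define CAP_SYS_ADMIN  21

/* Return 1 if capability number `cap` is set in a CapEff-style hex mask
   (the format used by /proc/<pid>/status, e.g. "0000003fffffffff"). */
int cap_in_mask(const char *hexmask, int cap)
{
    if (cap < 0 || cap >= 64) return 0;
    unsigned long long mask = strtoull(hexmask, NULL, 16);
    return (int)((mask >> cap) & 1ULL);
}

/* Copy this process's effective capability mask (the hex string after
   "CapEff:" in /proc/self/status) into `out`. Returns 0 on success, -1 if the
   file is unavailable or the buffer is too small. */
int read_cap_eff(char *out, size_t outlen)
{
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    char line[256], tmp[64];
    int rc = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0 &&
            sscanf(line + 7, "%63s", tmp) == 1 && strlen(tmp) < outlen) {
            strcpy(out, tmp);
            rc = 0;
            break;
        }
    }
    fclose(f);
    return rc;
}

/* Which privileged steps from the notes this process could attempt. None of
   this grants anything; it tells you up front which fallback you will land on
   (bind-mount / setns helper vs. link vs. copy). */
struct jail_caps { int can_setns_mount; int can_hardlink_any; };

struct jail_caps classify_caps(const char *hexmask)
{
    struct jail_caps c;
    /* setns(2) into a mount namespace / bind mounts: CAP_SYS_CHROOT and CAP_SYS_ADMIN */
    c.can_setns_mount = cap_in_mask(hexmask, CAP_SYS_CHROOT) &&
                        cap_in_mask(hexmask, CAP_SYS_ADMIN);
    /* link(2) to a file you do not own under fs.protected_hardlinks=1: CAP_FOWNER */
    c.can_hardlink_any = cap_in_mask(hexmask, CAP_FOWNER);
    return c;
}

int main(void)
{
    char mask[64];
    if (read_cap_eff(mask, sizeof mask) != 0) return 1;
    struct jail_caps c = classify_caps(mask);
    printf("CapEff=%s setns/bind-mount=%d hard-link-any=%d\n",
           mask, c.can_setns_mount, c.can_hardlink_any);
    return 0;
}
```

Docker's default capability set keeps CAP_FOWNER and CAP_SYS_CHROOT but drops CAP_SYS_ADMIN, which matches the observations above: link() works in an unprivileged container while the setns and bind-mount paths need --privileged or a separate helper that holds that capability.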
* 1&1 have a mount point to the real-host to avoid slow copying.
* So
+ map fonts in forkit and inherit them in children
or
+ hard-link them into /tmp as we set it up & get paths right somehow
+ we have a symlink inside the systemplate -> goes to /tmp somehow ?
matching the path that we load the fonts in forkit
+ why can't we hard-link just these few fonts into the original
directory for /tmp - which is per-document.
* why is systemplate/etc/hosts not pointing at /tmp/hosts ?
+ pre-dates /tmp directory (?)
+ dynamic files should go into /tmp and get copied ? ...
+ if you can't bind-mount -> need to re-create these ...
* re-opening in kit process makes everything a nightmare:
+ weird symlinks etc.
==> easiest way is to try to understand the mapping of fonts
and to do this once (for downloaded fonts) in the forkit process
+ so let's work to get the (new for now) fonts loaded in
the forkit, mapped, and available at all times in the new
kit child processes.
+ let's drop the sticky bit ... for now.
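The property the conclusion relies on, as an added example in C (not code from the notes or from the project): a read-only mapping made in the parent (the forkit) is inherited by a forked child (the kit) and stays readable after the file descriptor is closed and the path has disappeared, so the child never has to resolve a font path inside its jail. The temp file under /tmp and its contents are constructed stand-ins for a downloaded font.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a downloaded font file. */
static const char FAKE_FONT[] = "FAKEFONT-constructed-sample-data-0123456789";

/* "forkit" step: map the file read-only and drop the descriptor; the mapping
   outlives the fd. Returns NULL on failure. */
static void *map_font(const char *path, size_t *len)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return NULL;
    struct stat st;
    if (fstat(fd, &st) < 0) { close(fd); return NULL; }
    *len = (size_t)st.st_size;
    void *p = mmap(NULL, *len, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    return p == MAP_FAILED ? NULL : p;
}

/* Returns 1 when a forked child can still read the inherited mapping after
   the file has been unlinked, i.e. with no path to open (as inside a jail
   that never contained the font), and 0 otherwise. */
int inherited_mapping_survives(void)
{
    char path[] = "/tmp/fake-font-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return 0;
    int wrote = write(fd, FAKE_FONT, sizeof FAKE_FONT) == (ssize_t)sizeof FAKE_FONT;
    close(fd);
    if (!wrote) { unlink(path); return 0; }

    size_t len = 0;
    const char *font = map_font(path, &len);
    unlink(path);                     /* the path is gone; only the mapping remains */
    if (!font) return 0;

    int pipefd[2];
    if (pipe(pipefd) < 0) { munmap((void *)font, len); return 0; }

    pid_t pid = fork();
    if (pid == 0) {
        /* "kit" child: no open(), no path lookup, just the inherited pages.
           Also confirm the path really is unreachable now. */
        char ok = (access(path, R_OK) != 0 &&
                   len == sizeof FAKE_FONT &&
                   memcmp(font, FAKE_FONT, len) == 0) ? 1 : 0;
        if (write(pipefd[1], &ok, 1) != 1) _exit(1);
        _exit(0);
    }
    close(pipefd[1]);
    char result = 0;
    if (pid > 0) {
        if (read(pipefd[0], &result, 1) != 1) result = 0;
        waitpid(pid, NULL, 0);
    }
    close(pipefd[0]);
    munmap((void *)font, len);
    return result == 1;
}

int main(void)
{
    return inherited_mapping_survives() ? 0 : 1;
}
```

Because the mapping is PROT_READ and backed by the page cache, every kit forked from the same forkit shares the same physical pages for a font mapped once, which is the memory argument behind doing this in forkit rather than re-opening per kit; re-opening in the child would also bring back the symlink and path-matching problems listed above.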