Re: [Qemu-discuss] manipulating raw disk image as non-root user

[Jakob Bohm]

On 8/4/2014 7:46 AM, Tony Su wrote:
>   Apparently there is a Docker plugin for Jenkins.
> Makes a lot of sense.
> Although this blog is very thin on detail, I came across this today
> https://zapier.com/engineering/continuous-integration-jenkins-docker-github/
>
> HTH,
> Tony
>
> On Sat, Aug 2, 2014 at 11:40 PM, Tony Su <address@hidden> wrote:
> >   Without knowing exactly what your app is, and what are its
> > requirements it's hard to propose something specific.
> >
> > A small FYI -
> > I've been looking at several things recently that in general terms
> > might be considered to solve your problem, but without more detail I'd
> > be shooting in the dark.
> >
> > Possible Solution 1
> > I've been looking at Docker recently, very recent new features allow a
> > person to do some really powerful things, and many are in combination
> > with other virtual technologies like QEMU. Docker has become a way to
> > create a PAAS using LXC (Linux Containers). it's now much easier to
> > create both "full OS" image-based containers and also "App specific"
> > containers. The latter is similar in concept with Terminal Service
> > Application Mode if you're familiar with that... It's the idea that
> > within a given OS you can deploy an App in an isolated "virtual"
> > instance on demand and without a normal installation. From a Dev point
> > of view, this allows you to deploy an app (eg based on a Jenkins
> > build) as its own fully contained instance with dependencies and when
> > you "stop" the app, the app and its dependencies disappear, leaving
> > the OS "clean."
> >
> > Possible Solution 2
> > As I described in my earlier post, rights and permissions to
> > accomplish tasks are generally managed by Security Groups. You just
> > need to make your User account a member of the appropriate Security
> > Group (which may or may not be root). If you do this, to minimize
> > security issues as much as possible you should probably create a
> > special User account that isn't ordinarily used to Login. In the
> > Windows world, this would be called a Service account. The idea here
> > is that unlike Kris' suggestion, you don't need two separate processes
> > to accomplish tasks requiring different permissions... Use one account
> > and grant it all the permissions that are needed.
> >
> > Possible Solution 3
> > I've been intrigued by a recent article I read about using nodemon in
> > nodejs. Basically, an app is launched configured with the contents of
> > a particular folder. When the contents of the folder changes, nodemon
> > automatically re-builds and re-launches the app based on the changed
> > folder contents.
> >
> > All of the above are different solutions in different technologies
> > with a common thread... Deploying an app as dynamically as possible
> > for staging or production with minimal effort and if possible remove
> > all vestiges when the app is stopped.. Maybe one or more might be
> > relevant to finding a solution to your app. If your app is using a
> > technology different than the above, maybe you can find an equivalent
> > for the code you're working with.
> >
> > I also doubt that you should need to do all the functions you list. I
> > myself create a base image to use as a deployment target and clone it
> > as many times as I need to test each version of code. I would not want
> > to build something from scratch every time unless that is the actual
> > code being tested.
> >
> > HTH,
> > Tony
> >
> > On Sat, Aug 2, 2014 at 9:55 PM, Kris <address@hidden> wrote:
> > > I have a solution, but it seems a little complex: you can run a program
> > > (service A), and it provide some restful API. Then when Jenkins call your
> > > script, and your script call service API. Last, service A do what you want
> > > as root user.
> > >
> > >
> > > Best regards,
> > > Kris
> > >
> > > 在 2014年8月3日，下午12:42，Dallas Clement <address@hidden> 写道：
> > >
> > >
> > > On Sat, Aug 2, 2014 at 11:30 PM, Kris <address@hidden> wrote:
> > > > How about to use sudo to run it.
> > > >
> > > > Best regards,
> > > > Kris
> > > >
> > > > 在 2014年8月3日，上午10:05，Dallas Clement <address@hidden> 写道：
> > > >
> > > > On Sat, Aug 2, 2014 at 8:46 PM, Dale R. Worley <address@hidden>
> > > > wrote:
> > > > > > From: Dallas Clement <address@hidden>
> > > > > >
> > > > > > I would like to be able to create, partition, format, mount, and
> > > > > > populate a
> > > > > > raw disk image file as a non-root user.  I am able to create the image
> > > > > > file
> > > > > > with dd and partition it with parted as a non-root user.  I have not
> > > > > > figured out a way to format, mount, and populate it as a non-root user.
> > > > > >   Tools such as losetup and kpartx seem perfect for the task, but
> > > > > > unfortunately require root.
> > > > > >
> > > > > > Is it possible to do what I want with qemu?
> > > > >
> > > > > Since you can run Qemu as a non-root user, and you can present an
> > > > > arbitrary file to it as a disk, it seems that you should be able to
> > > > > use the standard disk tools within a Qemu guest to do what you want.
> > > > >
> > > > > Dale
> > > >
> > > >
> > > > Thanks Dale.  I was hoping I could do something like this.  I'll explore
> > > > that further.
> > > >
> > > > > Why do you wish to avoid root?
> > > >
> > > > Tony, I am wanting to run as non-root because it is my Jenkins
> > > > build-server that will be doing all of this which needs to run as non-root
> > > > for security sake.  I want the last stage of my build to produce a uSD card
> > > > image.
> > > >
> > > > How about to use sudo to run it.
> > >
> > > Can't do that unfortunately.  It's still elevated privileges.  Jenkins won't
> > > allow it.

I am afraid that the last few suggestions above have all been about 
really getting (partial) root privileges in various roundabout ways.

That is a bad idea.  The whole reason why tools such as Jenkins don't 
allow root is to ensure that an evil patch to some component (local or
upstream) cannot compromise the build server itself, and from there all
machines that run software built by that build server.

So here are some secure ways to create and manipulate disk images 
without any kind of root or other special privileges:

1. Formatting tools such as mkfs can be told to format a raw partition
image file directly by simply passing the filename where a disk device
is normally specified, plus sometimes adding an option not to complain
about that.

2. Partition images can be combined into disk images by clever use of
dd.

3. For some file systems there are programs that can create disk images
from a file tree.  The classic being mkisofs for CD images, but others
have been made.  For FAT file systems, the classic mtools can read and
write files in a raw image without root privileges.

4. The other option is to use qemu: Using the other techniques above,
create a bootable file system which will format and populate the second
hard drive of a virtual machine.  Then run qemu with the creator file
system as hard drive 1 and an empty raw disk image as hard drive 2. When 
the creator system completes, it should create some kind of "OK" file 
and shut down its machine, causing qemu to exit.  Then your build system 
(Jenkins) can check if the OK file was created or not before
proceeding to compress or otherwise package the image file.  Be sure to
configure qemu to redirect the "console tty" of the creator system to
qemu's own stdout, so you can see the output in the build log.


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded