Refactor process identity to support unified fakeroot mode #114

Open
doanbaotrung wants to merge 1 commit into sysprog21:main from open-sources-port:fakeroot

Conversation

@doanbaotrung doanbaotrung commented Jun 30, 2026

Collaborator

Refactor process identity to support unified fakeroot mode

Replace the raw numeric UID/GID overrides (ELFUSE_GUEST_UID and
ELFUSE_GUEST_GID) with a unified --fakeroot CLI switch and
ELFUSE_FAKEROOT=1 environment variable.

This change aligns the process identity surface with the existing
fakeroot-style chown-overlay. When fakeroot mode is enabled:

  • The emulated process UID, EUID, SUID, GID, EGID, and SGID are set
    to 0 (root).
  • sc_capget() returns full capability sets, with the high capability
    word masked to LINUX_CAP_LAST_CAP to prevent impossible capabilities.
  • sys_getgroups() returns a single supplementary group (GID 0).

Fakeroot mode defaults to false (disabled). In this default state, the
guest process runs with an unprivileged emulated identity (UID/GID 1000).

Limitations of fakeroot mode:

  • It only emulates root status on the guest-identity surface (getuid,
    geteuid, capget, getgroups, etc.) and virtual file attributes inside
    the guest (chown-overlay).
  • It does NOT grant real host-level root privileges, nor does it bypass
    macOS sandboxing, file system permissions, or other host-level security
    constraints.

Also increase child_argv size in forkipc.c to 16 to prevent overflow
when propagating optional flags, and update host and guest tests to
adapt to the fakeroot behavior.


Summary by cubic

Introduce a unified fakeroot mode that emulates root identity and capabilities, replacing numeric UID/GID overrides. This lets package managers and other root-checking tools run without host sudo.

  • New Features

    • --fakeroot flag and ELFUSE_FAKEROOT=1 env enable root emulation (default off).
    • When enabled: all UIDs/GIDs are 0; capget reports full sets (masked to LINUX_CAP_LAST_CAP); getgroups returns [0].
    • Fork/clone children inherit --fakeroot.
  • Refactors

    • Removed ELFUSE_GUEST_UID/ELFUSE_GUEST_GID; AUX vector and /proc/*/status now read from proc_get_*.
    • Increased fork child argv capacity to 16 to safely propagate optional flags.
    • Tests updated; added test-identity-override-host and hooked into make check.

Written for commit 4a5626e. Summary will update on new commits.
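The guest-identity surface the description lays out, written up as an added C example that is neither elfuse's code nor the author's. It reuses the PR's names proc_get_*, sc_capget and sys_getgroups but with hypothetical signatures and a hypothetical proc_identity struct; fakeroot_enabled, cap_high_word_mask and build_child_argv are invented helpers; LINUX_CAP_LAST_CAP is assumed to be 40 (the current Linux CAP_LAST_CAP), and default-mode getgroups reporting the emulated primary GID is an assumption the PR does not state.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Assumed value: Linux defines CAP_LAST_CAP as 40 (CAP_CHECKPOINT_RESTORE)
 * in current kernels; elfuse's own LINUX_CAP_LAST_CAP may differ. */
#define LINUX_CAP_LAST_CAP 40
#define CAP_U32S 2             /* capability v3 data uses two 32-bit words */
#define DEFAULT_GUEST_UID 1000 /* unprivileged default identity from the PR */
#define DEFAULT_GUEST_GID 1000

/* Hypothetical per-process identity state (not elfuse's real struct). */
struct proc_identity {
    bool fakeroot;
    uint32_t uid, euid, suid;
    uint32_t gid, egid, sgid;
};

/* Hypothetical user-visible capget(2) payload: three sets of two words. */
struct cap_data {
    uint32_t effective[CAP_U32S];
    uint32_t permitted[CAP_U32S];
    uint32_t inheritable[CAP_U32S];
};

/* The switch from the PR: --fakeroot on the command line or
 * ELFUSE_FAKEROOT=1 in the environment; anything else leaves it off. */
bool fakeroot_enabled(int argc, char **argv, const char *env_value)
{
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], "--fakeroot") == 0)
            return true;
    return env_value != NULL && strcmp(env_value, "1") == 0;
}

/* All six IDs collapse to 0 under fakeroot, else to the 1000/1000 default. */
void proc_identity_init(struct proc_identity *p, bool fakeroot)
{
    p->fakeroot = fakeroot;
    p->uid = p->euid = p->suid = fakeroot ? 0 : DEFAULT_GUEST_UID;
    p->gid = p->egid = p->sgid = fakeroot ? 0 : DEFAULT_GUEST_GID;
}

uint32_t proc_get_uid(const struct proc_identity *p)  { return p->uid; }
uint32_t proc_get_euid(const struct proc_identity *p) { return p->euid; }
uint32_t proc_get_gid(const struct proc_identity *p)  { return p->gid; }
uint32_t proc_get_egid(const struct proc_identity *p) { return p->egid; }

/* Bits of the high word that name real capabilities (32..LINUX_CAP_LAST_CAP).
 * With LINUX_CAP_LAST_CAP == 40 that is nine bits, i.e. 0x1FF. */
uint32_t cap_high_word_mask(void)
{
    int high_bits = LINUX_CAP_LAST_CAP + 1 - 32;
    if (high_bits <= 0) return 0;
    return high_bits >= 32 ? 0xFFFFFFFFu : (1u << high_bits) - 1u;
}

/* Fakeroot: full effective/permitted/inheritable sets, high word masked so
 * the guest never sees a capability the kernel ABI does not define.
 * Default mode: empty sets, as an unprivileged process would report. */
void sc_capget(const struct proc_identity *p, struct cap_data *out)
{
    memset(out, 0, sizeof *out);
    if (!p->fakeroot)
        return;
    uint32_t full[CAP_U32S] = { 0xFFFFFFFFu, cap_high_word_mask() };
    memcpy(out->effective, full, sizeof full);
    memcpy(out->permitted, full, sizeof full);
    memcpy(out->inheritable, full, sizeof full);
}

/* getgroups(2) shape: size 0 asks for the count, a too-small buffer is an
 * error (-1, EINVAL). Fakeroot reports the single group GID 0; the default
 * mode reporting the emulated primary GID is this example's assumption. */
int sys_getgroups(const struct proc_identity *p, int size, uint32_t *list)
{
    const int count = 1;
    if (size == 0) return count;
    if (size < count) return -1;
    list[0] = p->fakeroot ? 0 : p->gid;
    return count;
}

/* Propagate --fakeroot to a fork/clone child through a bounded argv (the PR
 * sizes its child_argv at 16). Returns argc, or -1 instead of writing past
 * the array when the optional flags plus the NULL terminator would not fit. */
int build_child_argv(const struct proc_identity *p, const char *loader,
                     const char *guest_path, char **argv, size_t cap)
{
    const char *parts[3];
    size_t n = 0;
    parts[n++] = loader;
    if (p->fakeroot)
        parts[n++] = "--fakeroot";
    parts[n++] = guest_path;
    if (n + 1 > cap)
        return -1;
    for (size_t i = 0; i < n; i++)
        argv[i] = (char *) parts[i];
    argv[n] = NULL;
    return (int) n;
}
```

The two checks worth keeping in mind when reviewing a change like this: the high capability word must come out as 0x1FF rather than 0xFFFFFFFF, otherwise the guest is told it holds capabilities the kernel ABI has no name for, and the child argv builder must refuse (return -1) rather than overflow when the optional flags and terminator exceed the array.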

doanbaotrung commented Jun 30, 2026

Collaborator Author

Fix #103

cubic-dev-ai[bot]

This comment was marked as resolved.

Comment thread Makefile Outdated
@echo " LD $@"
$(Q)$(CC) $(CFLAGS) -o $@ $^

Contributor

Remove this blank line.

Collaborator Author

fixed

@jserv jserv left a comment

Contributor

Mention the default value (false) of fakeroot mode and its limitations in git commit messages.

Replace the raw numeric UID/GID overrides (ELFUSE_GUEST_UID and
ELFUSE_GUEST_GID) with a unified --fakeroot CLI switch and
ELFUSE_FAKEROOT=1 environment variable.

This change aligns the process identity surface with the existing
fakeroot-style chown-overlay. When fakeroot mode is enabled:
- The emulated process UID, EUID, SUID, GID, EGID, and SGID are set
  to 0 (root).
- sc_capget() returns full capability sets, with the high capability
  word masked to LINUX_CAP_LAST_CAP to prevent impossible capabilities.
- sys_getgroups() returns a single supplementary group (GID 0).

Fakeroot mode defaults to false (disabled). In this default state, the
guest process runs with an unprivileged emulated identity (UID/GID 1000).

Limitations of fakeroot mode:
- It only emulates root status on the guest-identity surface (getuid,
  geteuid, capget, getgroups, etc.) and virtual file attributes inside
  the guest (chown-overlay).
- It does NOT grant real host-level root privileges, nor does it bypass
  macOS sandboxing, file system permissions, or other host-level security
  constraints.

Also increase child_argv size in forkipc.c to 16 to prevent overflow
when propagating optional flags, and update host and guest tests to
adapt to the fakeroot behavior.
@doanbaotrung

Collaborator Author

Updated
