Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753334AbbFANHh (ORCPT <rfc822;w@1wt.eu>);
	Mon, 1 Jun 2015 09:07:37 -0400
Received: from mail-qc0-f172.google.com ([209.85.216.172]:34856 "EHLO
	mail-qc0-f172.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753007AbbFANHI (ORCPT
	<rfc822;linux-kernel@vger.kernel.org>);
	Mon, 1 Jun 2015 09:07:08 -0400
MIME-Version: 1.0
X-Originating-IP: [217.173.38.102]
In-Reply-To: <20150527125546.GA22018@ubuntu-xps13>
References: <20150401155515.GA2994@unsen.q53.spb.ru>
	<CAJfpegvYrJBmnfqk0zO6EWbaiqxuN4anx6Fpw07_P5+s0P1RVw@mail.gmail.com>
	<20150502155623.GD13083@unsen.q53.spb.ru>
	<CAJfpegsKqG5RX=QueeEewbu4prAF2SZMXT12PkSQTiTutHR-2Q@mail.gmail.com>
	<20150522144702.GA126334@ubuntu-hedt>
	<87iobk4id8.fsf@x220.int.ebiederm.org>
	<20150522185932.GC126334@ubuntu-hedt>
	<20150526152138.GB4531@tucsk.suse.de>
	<20150526161451.GB10248@ubuntu-hedt>
	<87k2vuvgpv.fsf@x220.int.ebiederm.org>
	<20150527125546.GA22018@ubuntu-xps13>
Date: Mon, 1 Jun 2015 15:07:07 +0200
Message-ID: <CAJfpegv1AOHjLUtfUHDD8BWiQBs4Ug83RsthPuF206mqYePXFg@mail.gmail.com>
Subject: Re: [fuse-devel] fuse_get_context() and namespaces
From: Miklos Szeredi <miklos@szeredi.hu>
To: Seth Forshee <seth.forshee@canonical.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>, alexey@kurnosov.spb.ru,
        Andy Lutomirski <luto@amacapital.net>,
        Serge Hallyn <serge.hallyn@ubuntu.com>,
        fuse-devel <fuse-devel@lists.sourceforge.net>,
        Linux-Fsdevel <linux-fsdevel@vger.kernel.org>,
        Kernel Mailing List <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 875
Lines: 22

On Wed, May 27, 2015 at 2:55 PM, Seth Forshee
<seth.forshee@canonical.com> wrote:

> I haven't seen anything to indicate that this filesystem will be broken
> by this, just that it's broken by untranslated pids. Presumably it would
> just reject any requests which aren't representable in its namespace.

Without failing the operation there never will be any indication that
a filesystem is broken.  So I guess the safe way would be

 - deny access for untranslated pids (uids, gids, etc).

 - if this becomes an issue (possibly a perfomance issue), then add a
flag to disable pids (and/or uids, gids) completely.

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/