Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S932137AbbKQT1I (ORCPT <rfc822;w@1wt.eu>);
	Tue, 17 Nov 2015 14:27:08 -0500
Received: from a.ns.miles-group.at ([95.130.255.143]:11951 "EHLO radon.swed.at"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754666AbbKQT1F (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Tue, 17 Nov 2015 14:27:05 -0500
Subject: Re: [PATCH v3 0/7] User namespace mount updates
To: Seth Forshee <seth.forshee@canonical.com>
References: <1447778351-118699-1-git-send-email-seth.forshee@canonical.com>
 <20151117170556.GV22011@ZenIV.linux.org.uk>
 <20151117172551.GA108807@ubuntu-hedt>
 <20151117175506.GW22011@ZenIV.linux.org.uk>
 <20151117183444.GB108807@ubuntu-hedt>
 <CAFLxGvx1UqJOhM3wqAGqT+TrkapeP1zkmg0a1K=DjySePx4mEA@mail.gmail.com>
 <20151117192141.GD108807@ubuntu-hedt>
Cc: Al Viro <viro@zeniv.linux.org.uk>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        linux-bcache@vger.kernel.org,
        device-mapper development <dm-devel@redhat.com>,
        "linux-raid@vger.kernel.org" <linux-raid@vger.kernel.org>,
        "linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        LSM <linux-security-module@vger.kernel.org>, selinux@tycho.nsa.gov,
        Serge Hallyn <serge.hallyn@canonical.com>,
        Andy Lutomirski <luto@amacapital.net>,
        LKML <linux-kernel@vger.kernel.org>, "Theodore Ts'o" <tytso@mit.edu>,
        Octavian Purdila <octavian.purdila@intel.com>
From: Richard Weinberger <richard@nod.at>
Message-ID: <564B7F83.1050701@nod.at>
Date: Tue, 17 Nov 2015 20:26:59 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <20151117192141.GD108807@ubuntu-hedt>
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1773
Lines: 38

Am 17.11.2015 um 20:21 schrieb Seth Forshee:
> On Tue, Nov 17, 2015 at 08:12:31PM +0100, Richard Weinberger wrote:
>> On Tue, Nov 17, 2015 at 7:34 PM, Seth Forshee
>> <seth.forshee@canonical.com> wrote:
>>> On Tue, Nov 17, 2015 at 05:55:06PM +0000, Al Viro wrote:
>>>> On Tue, Nov 17, 2015 at 11:25:51AM -0600, Seth Forshee wrote:
>>>>
>>>>> Shortly after that I plan to follow with support for ext4. I've been
>>>>> fuzzing ext4 for a while now and it has held up well, and I'm currently
>>>>> working on hand-crafted attacks. Ted has commented privately (to others,
>>>>> not to me personally) that he will fix bugs for such attacks, though I
>>>>> haven't seen any public comments to that effect.
>>>>
>>>> _Static_ attacks, or change-image-under-mounted-fs attacks?
>>>
>>> Right now only static attacks, change-image-under-mounted-fs attacks
>>> will be next.
>>
>> Do we *really* need to enable unprivileged mounting of kernel filesystems?
>> What about just enabling fuse and implement ext4 and friends as fuse
>> filesystems?
>> Using the approaching Linux Kernel Libary[1] this is easy.
> 
> I haven't looked at this project, but I'm guessing that programs must be
> written specifically to make use of it? I.e. you can't just use the
> mount syscall, and thus all existing software still doesn't work?

You can easy bridge fuse and the LKL, I did already a hacky PoC. Worked nicely.
Octavian's tree has some nice examples, and AFAIK he is currently working
on a "mount any kernel fs via fuse" tool.

Thanks,
//richard
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/