Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754748AbbKQUMZ (ORCPT ); Tue, 17 Nov 2015 15:12:25 -0500 Received: from a.ns.miles-group.at ([95.130.255.143]:11949 "EHLO radon.swed.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753486AbbKQUMW (ORCPT ); Tue, 17 Nov 2015 15:12:22 -0500 Subject: Re: [PATCH v3 0/7] User namespace mount updates To: Octavian Purdila , Seth Forshee References: <1447778351-118699-1-git-send-email-seth.forshee@canonical.com> <20151117170556.GV22011@ZenIV.linux.org.uk> <20151117172551.GA108807@ubuntu-hedt> <20151117175506.GW22011@ZenIV.linux.org.uk> <20151117183444.GB108807@ubuntu-hedt> <20151117192141.GD108807@ubuntu-hedt> Cc: Al Viro , "Eric W. Biederman" , linux-bcache@vger.kernel.org, device-mapper development , "linux-raid@vger.kernel.org" , "linux-mtd@lists.infradead.org" , linux-fsdevel , LSM , selinux@tycho.nsa.gov, Serge Hallyn , Andy Lutomirski , LKML , "Theodore Ts'o" From: Richard Weinberger Message-ID: <564B8A20.9090607@nod.at> Date: Tue, 17 Nov 2015 21:12:16 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.4.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1927 Lines: 45 Am 17.11.2015 um 20:25 schrieb Octavian Purdila: > On Tue, Nov 17, 2015 at 9:21 PM, Seth Forshee > wrote: >> >> On Tue, Nov 17, 2015 at 08:12:31PM +0100, Richard Weinberger wrote: >>> On Tue, Nov 17, 2015 at 7:34 PM, Seth Forshee >>> wrote: >>>> On Tue, Nov 17, 2015 at 05:55:06PM +0000, Al Viro wrote: >>>>> On Tue, Nov 17, 2015 at 11:25:51AM -0600, Seth Forshee wrote: >>>>> >>>>>> Shortly after that I plan to follow with support for ext4. I've been >>>>>> fuzzing ext4 for a while now and it has held up well, and I'm currently >>>>>> working on hand-crafted attacks. Ted has commented privately (to others, >>>>>> not to me personally) that he will fix bugs for such attacks, though I >>>>>> haven't seen any public comments to that effect. >>>>> >>>>> _Static_ attacks, or change-image-under-mounted-fs attacks? >>>> >>>> Right now only static attacks, change-image-under-mounted-fs attacks >>>> will be next. >>> >>> Do we *really* need to enable unprivileged mounting of kernel filesystems? >>> What about just enabling fuse and implement ext4 and friends as fuse >>> filesystems? >>> Using the approaching Linux Kernel Libary[1] this is easy. >> >> I haven't looked at this project, but I'm guessing that programs must be >> written specifically to make use of it? I.e. you can't just use the >> mount syscall, and thus all existing software still doesn't work? >> > > The projects includes a lklfuse program that uses fuse to mount a > fileystem image. Cool. I gave it a try. It seems to work fine, but only if I run it in foreground (using -d) otherwise fuse blocks every filesystem request. Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/