Received: by 10.223.185.116 with SMTP id b49csp621660wrg; Wed, 14 Feb 2018 04:30:42 -0800 (PST) X-Google-Smtp-Source: AH8x224VxWKcTohL7/JEUy62ehhWpeAem4Ei2DXg363kwdnkkzgI4RV5P1LIv6dX8VSr/B2TnEyd X-Received: by 10.99.114.86 with SMTP id c22mr3759441pgn.41.1518611442212; Wed, 14 Feb 2018 04:30:42 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518611442; cv=none; d=google.com; s=arc-20160816; b=p/9pZRoWpOKsbFGCy0x9rvKg3gJ6W+2Mai6dHImrXMPS3OROInP0ltAqTuTCnbwltl K835xLVgK6rR7bUINAtcCsBKzekYi9/4imjgmDWKRJMEfHY/Ye7JNnMfr4bezzIONIkq UB0HCTkD6pNmToDc3I/G0+RbhUfGfFq0UGaUzhzJdjhGcrEAk6O4UScgts6PQnra9nCa Erk0fE2Y3GfQmLOKErZdAP8D3/g39KSMxPjagNQz4a5nwxeaVV0g5sMi//PjufkvzDlO KOfmwpsWmHw6edgEI/r+BhfsgJgoVcFbazc72/7HBH/bj4iAzccc1QRUpI6BgFanEjCK qqpw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:arc-authentication-results; bh=QvxTLYTxGAlgdDNQb19NXeptSUwLB/z9vOQFASVAsOE=; b=gdFX1O/iFY8ES4UFgsjEdJB+dgsFSvJbUK4WBF4ACqe2NlML30k4COvEWG0bePMU2Z YhoHEQcX3xhDqd1fbqTBzEORFXhCZW1tRw1TlZNhr2YigOp24R0R95V/7jbTf0zF9Y7N guQ0tcX0WNdSCprxqeaiXbJ5AUsSJ62UX/eIR0o4DhYPzhK/kZFYHF2ykAioCud6rJ38 pz+u+AmEUzBfk6NxcHf1E+gWgjRfi7c0SYFmfAIW+1BTP/hS5QXyUhui8FuKSupTxoRo t7K0iLYnPoB1o2n6bnaYhjC+qxHrj67k0uckCb8tCvoyMtzj4dcDsGE8rZHD7CFqEWH4 ZybA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u1-v6si5687672plq.797.2018.02.14.04.30.27; Wed, 14 Feb 2018 04:30:42 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S967673AbeBNM2Q (ORCPT + 99 others); Wed, 14 Feb 2018 07:28:16 -0500 Received: from mail-qk0-f181.google.com ([209.85.220.181]:41373 "EHLO mail-qk0-f181.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S967454AbeBNM2N (ORCPT ); Wed, 14 Feb 2018 07:28:13 -0500 Received: by mail-qk0-f181.google.com with SMTP id h129so6427398qke.8 for ; Wed, 14 Feb 2018 04:28:12 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=QvxTLYTxGAlgdDNQb19NXeptSUwLB/z9vOQFASVAsOE=; b=uLx25T53IlOdtVMeYBbi8Biv4j49+25A3SHKgVJw3hOyAwN67hbOBP9Q+mwzu+piou 4gwVvcVKlS3+lhqrMKA/r0z2ZHae/Cs8OG+0oQLTaMqOGS6x14OcaudDatjqySbJ1ZcI Hl44t8Sup5T0xDA13M2V0Ee3k4SzfpDFynQu0Qw/0y+sGuEQCbVhDEkgqIPh9w0/9DjP V3gFYkF2bDTwzV9WsTIWaN9tV5Z2hGVQ8wWqo/cxRc0o7Poj0hTgNd+2UCcGE8imyZgL +sG38M4JBRH/WW+YxwJ9CuSd8xLyd2vUIfDBX8sRh0fkGUQL2f4y8rq8YB4tgwLxbbA6 I5vA== X-Gm-Message-State: APf1xPA4C6czz4MUmHljShh/qPP4uq3qDrYyjt19yZKcQse1AzjIP3W3 ins/9eXimIXXVdyLnY+rENtnib8hcphHfCTNWx8ZE/bJ X-Received: by 10.55.157.76 with SMTP id g73mr7453101qke.107.1518611292463; Wed, 14 Feb 2018 04:28:12 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.95.17 with HTTP; Wed, 14 Feb 2018 04:28:12 -0800 (PST) In-Reply-To: <61a37f0b159dd56825696d8d3beb8eaffdf1f72f.1512041070.git.dongsu@kinvolk.io> References: <61a37f0b159dd56825696d8d3beb8eaffdf1f72f.1512041070.git.dongsu@kinvolk.io> From: Miklos Szeredi Date: Wed, 14 Feb 2018 13:28:12 +0100 Message-ID: Subject: Re: [PATCH 07/11] fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems To: Dongsu Park Cc: lkml , Linux Containers , Alban Crequy , "Eric W . Biederman" , Seth Forshee , Sargun Dhillon , linux-fsdevel , Alexander Viro Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park wrote: > From: Seth Forshee > > The user in control of a super block should be allowed to freeze > and thaw it. Relax the restrictions on the FIFREEZE and FITHAW > ioctls to require CAP_SYS_ADMIN in s_user_ns. Why is this required for unprivileged fuse? Fuse doesn't support freeze, so this seems to make no sense in the context of this patchset. Thanks, Miklos