From: Miklos Szeredi
Date: Wed, 14 Feb 2018 14:44:34 +0100
Subject: Re: [PATCH 10/11] fuse: Allow user namespace mounts
To: Dongsu Park
Cc: lkml, Linux Containers, Alban Crequy, "Eric W. Biederman", Seth Forshee, Sargun Dhillon, linux-fsdevel
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park wrote:
> From: Seth Forshee
>
> To be able to mount fuse from non-init user namespaces, it's necessary
> to set FS_USERNS_MOUNT flag to fs_flags.
>
> Patch v4 is available: https://patchwork.kernel.org/patch/8944681/
>
> Cc: linux-fsdevel@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: Miklos Szeredi
> Signed-off-by: Seth Forshee
> [dongsu: add a simple commit message]
> Signed-off-by: Dongsu Park
> --- > fs/fuse/inode.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c > index 7f6b2e55..8c98edee 100644 > --- a/fs/fuse/inode.c > +++ b/fs/fuse/inode.c > @@ -1212,7 +1212,7 @@ static void fuse_kill_sb_anon(struct super_block *sb) > static struct file_system_type fuse_fs_type = { > .owner = THIS_MODULE, > .name = "fuse", > - .fs_flags = FS_HAS_SUBTYPE, > + .fs_flags = FS_HAS_SUBTYPE | FS_USERNS_MOUNT, > .mount = fuse_mount, > .kill_sb = fuse_kill_sb_anon, > };

I think enabling FS_USERNS_MOUNT should be pretty safe.

I was thinking opting out should be as simple as "chmod o-rw /dev/fuse". But that breaks libfuse, even though fusermount opens /dev/fuse in privileged mode, so it shouldn't. That can be fixed in libfuse, but it's an unfortunate bug and it also means /dev/fuse is configured with "crw-rw-rw-" in most cases. Which means it will be opting out, not opting in, which is the less safe version.

> @@ -1244,7 +1244,7 @@ static struct file_system_type fuseblk_fs_type = { > .name = "fuseblk", > .mount = fuse_mount_blk, > .kill_sb = fuse_kill_sb_blk, > - .fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE, > + .fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE | FS_USERNS_MOUNT, > }; > MODULE_ALIAS_FS("fuseblk");

As I said, this hunk should be dropped from the first version, because it's possibly unsafe.

Thanks,
Miklos
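
Review bot: The commit message does not say why adding FS_USERNS_MOUNT to fuse_fs_type (the `.fs_flags = FS_HAS_SUBTYPE | FS_USERNS_MOUNT,` line in the first hunk) is safe, nor how an administrator turns it off; it only states that the flag is necessary. Since this one-line change lets non-init user namespaces mount fuse, the message should name what gates access (the reply points at the permissions on /dev/fuse) and state whether the resulting default is opt-in or opt-out, so the security impact is reviewable from the commit alone.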
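
Review bot: In the second hunk, fuseblk_fs_type gains FS_USERNS_MOUNT while keeping FS_REQUIRES_DEV, and nothing in the commit message justifies allowing this type to be mounted from a non-init user namespace. Suggest dropping this hunk so the line stays `.fs_flags = FS_REQUIRES_DEV | FS_HAS_SUBTYPE,` and, if fuseblk support is wanted, proposing it as a separate patch with its own rationale; the diffstat then becomes 1 insertion and 1 deletion.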
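
The opt-in versus opt-out distinction in the reply above comes down to the mode bits on /dev/fuse. The following shell check is an added example, not part of the original message or of the kernel patch; the function names are hypothetical and GNU `stat -c` is assumed.

```shell
#!/bin/sh
# Added example: classify how the permissions on /dev/fuse gate access to FUSE.
# "opt-out": any local user may open the device read-write (e.g. crw-rw-rw-).
# "opt-in" : only the owner or group members may (e.g. crw-rw----).

# classify_fuse_mode MODE
#   MODE is an octal permission string as printed by `stat -c %a`, e.g. 666.
classify_fuse_mode() {
    mode=$1
    case $mode in
        ''|*[!0-7]*) echo "invalid"; return 0 ;;
    esac
    other=${mode#"${mode%?}"}      # last octal digit = permissions for "other"
    case $other in
        6|7) echo "opt-out" ;;     # read and write both granted to everyone
        *)   echo "opt-in" ;;      # a read-write open needs owner or group access
    esac
}

# check_dev_fuse [PATH]
#   PATH defaults to /dev/fuse; prints "absent" if it is not a character device.
check_dev_fuse() {
    dev=${1:-/dev/fuse}
    if [ ! -c "$dev" ]; then
        echo "absent"
        return 0
    fi
    classify_fuse_mode "$(stat -c %a "$dev")"
}

echo "/dev/fuse: $(check_dev_fuse)"
```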