Received: by 10.223.185.116 with SMTP id b49csp1759572wrg; Thu, 15 Feb 2018 00:47:55 -0800 (PST) X-Google-Smtp-Source: AH8x227YChqgva+mPFIJP45noliXCluQ6qpHu5lQtJ0F51tuJDavFQ8QcUFeP9z/hPFwftPb6xtA X-Received: by 2002:a17:902:fa2:: with SMTP id 31-v6mr1891849plz.346.1518684475105; Thu, 15 Feb 2018 00:47:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1518684475; cv=none; d=google.com; s=arc-20160816; b=s1Kyz3GOXhjlFwKIFgBZrdSlYXPSCVOe9nNTKeLJzUUFcEwQogepa7yWL5uRcUQajf kwYtsHl+jmKs+fXEPafz6J+RNI30OZ1biLglgx1XV9U9l5Vk+7I5Yiq8Z4dJlyzsr7KO uH2pripj7ztz06FxUWkOO7pRX7fy6ZXa3iABgqpOjHRmsBPfTs9WSYKnQszlMYmtDMMm 1/zYUO1XVwXv8dn6IsnaZtavpfQcC/8rXJ3wU8KvHIjA7nGzeX9nVuEv2wjiRI24lVf7 kpGqf97GxeudhGYnDtKyMKu2XJlUJu78Y5rRLuktlNpGehxpNj4fo5zN/j4707UnRR1x 85lQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:arc-authentication-results; bh=6tuqDXZcyNFg4oKLsuw/b7im/XAEDnC6RlLO9GpZTCQ=; b=maHZoDmNaP7mQGYuXjkw/cneU5pc5INgLK2+L4thCqcSQNbC8poYhHw094uuOD1UwJ 7PRSc/03FSabLsTfddGNkuJorAzB1JTRCLRD52tQqVyC5I2PKxogllGEIByyQxEJxYVo eXTp63jB8wR7mxIG4HcbaGCmknuiO7PU2qS2AvefTuk7ksrcVf3P1S4piWloGYKp3T0M PWW8t8X/URNdD1HLq6NsNpVlbF/PsZDqUdkSou/GVH61Z/3TFHS26aGoySDBEIgLNeTv BG0m5qZnZgsnKvADXHjBu07B2P/DtPtNK5mp/Dzcczv2gYMrjeuM4uo7QbgarPdQIdw3 pFXQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o190si2430419pga.553.2018.02.15.00.47.41; Thu, 15 Feb 2018 00:47:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S966987AbeBOIqz (ORCPT + 99 others); Thu, 15 Feb 2018 03:46:55 -0500 Received: from mail-qt0-f196.google.com ([209.85.216.196]:42070 "EHLO mail-qt0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S966555AbeBOIqw (ORCPT ); Thu, 15 Feb 2018 03:46:52 -0500 Received: by mail-qt0-f196.google.com with SMTP id k25so5000621qtj.9 for ; Thu, 15 Feb 2018 00:46:52 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=6tuqDXZcyNFg4oKLsuw/b7im/XAEDnC6RlLO9GpZTCQ=; b=epR0MRvRI/iyjSXXCF0lnM37OEDhgMLJ43G6wTisAV+6hQKoguIBeTD4NFiFtEhWr1 uvSWQ0/8Bu95xaZSJLxpnJqb68KZziQoM8Z87DGbuGDKm6dUhUjjT84056N0BqraXlj9 PvkU00hpDuGkV2AXcDwxkaNpE2EB9TrXyJauEXdoA+UxzFqyi0+qwdmG/kYS+Mg4PYdl neTpFCkGGv9makW3aBwqp+jiPPk+SNvbT4Xsy9MLUT62CAIPGRxQtQWTYGeQWyqNkJIi W1HAEiF7VfmKezBMLsvq77X0is88ba4D6osH9uDHJi0scSLo6nmqAM2MljPjuzp3/khy 7D0Q== X-Gm-Message-State: APf1xPBwths5HNtHIn+7qcCNy8CpWqaGJGFfaRKO1HLClsGQi4SbAQWb A+5f7BGn9kABU73M0/hoY0AwdtEarHlBqnGkfzdf0Q== X-Received: by 10.237.35.87 with SMTP id i23mr3005493qtc.59.1518684412151; Thu, 15 Feb 2018 00:46:52 -0800 (PST) MIME-Version: 1.0 Received: by 10.140.95.17 with HTTP; Thu, 15 Feb 2018 00:46:51 -0800 (PST) In-Reply-To: References: From: Miklos Szeredi Date: Thu, 15 Feb 2018 09:46:51 +0100 Message-ID: Subject: Re: [PATCH 10/11] fuse: Allow user namespace mounts To: Dongsu Park Cc: lkml , Linux Containers , Alban Crequy , "Eric W . Biederman" , Seth Forshee , Sargun Dhillon , linux-fsdevel Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Feb 14, 2018 at 2:44 PM, Miklos Szeredi wrote: > On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park wrote: >> From: Seth Forshee >> >> To be able to mount fuse from non-init user namespaces, it's necessary >> to set FS_USERNS_MOUNT flag to fs_flags. >> >> Patch v4 is available: https://patchwork.kernel.org/patch/8944681/ >> >> Cc: linux-fsdevel@vger.kernel.org >> Cc: linux-kernel@vger.kernel.org >> Cc: Miklos Szeredi >> Signed-off-by: Seth Forshee >> [dongsu: add a simple commit messasge] >> Signed-off-by: Dongsu Park >> --- >> fs/fuse/inode.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c >> index 7f6b2e55..8c98edee 100644 >> --- a/fs/fuse/inode.c >> +++ b/fs/fuse/inode.c >> @@ -1212,7 +1212,7 @@ static void fuse_kill_sb_anon(struct super_block *sb) >> static struct file_system_type fuse_fs_type = { >> .owner = THIS_MODULE, >> .name = "fuse", >> - .fs_flags = FS_HAS_SUBTYPE, >> + .fs_flags = FS_HAS_SUBTYPE | FS_USERNS_MOUNT, >> .mount = fuse_mount, >> .kill_sb = fuse_kill_sb_anon, >> }; > > I think enabling FS_USERNS_MOUNT should be pretty safe. > > I was thinking opting out should be as simple as "chmod o-rw > /dev/fuse". But that breaks libfuse, even though fusermount opens > /dev/fuse in privileged mode, so it shouldn't. I'm talking rubbish, /dev/fuse is opened without privs in fusermount as well. So there's not way to differentiate user_ns unpriv mounts from suid fusermount unpriv mounts. Maybe that's just as well... Thanks, Miklos