From: ebiederm@xmission.com (Eric W. Biederman)
To: Miklos Szeredi
Cc: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, Alban Crequy, Seth Forshee, Sargun Dhillon, Dongsu Park, "Serge E. Hallyn"
Date: Wed, 21 Feb 2018 14:24:30 -0600
In-Reply-To: (Dongsu Park's message of "Fri, 22 Dec 2017 15:32:24 +0100")
Message-ID: <878tbmf5vl.fsf@xmission.com>
Subject: [PATCH v6 0/6] fuse: mounts from non-init user namespaces

This patchset builds on the work by Dongsu Park and Seth Forshee and is
reduced to the set of patches that just affect fuse. The non-fuse patches
are far enough along we can ignore them except possibly for the question
of when does FS_USERNS_MOUNT get set in fuse_fs_type.

Fuse with a block device has been left as an exercise for a later time.

I had to change the core of this patchset around some as the previous
patches were showing signs of bitrot. Some important explanations were
missing, some important functionality was missing, and xattr handling
was completely absent.

Miklos, can you take a look and see what you think?

I think this much of the fuse changes are ready, and as such I would
like to get them in this development cycle if possible.

My apologies if I have lost someone's ack or review somewhere. Let me
know and I will fix it.

These changes are also available at:
  git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git userns-fuse-v6

Eric W. Biederman (4):
      fuse: Remove the buggy retranslation of pids in fuse_dev_do_read
      fuse: Fail all requests with invalid uids or gids
      fuse: Support fuse filesystems outside of init_user_ns
      fuse: Ensure posix acls are translated outside of init_user_ns

Seth Forshee (1):
      fuse: Restrict allow_other to the superblock's namespace or a descendant

 fs/fuse/acl.c           |  4 ++--
 fs/fuse/cuse.c          |  7 ++++++-
 fs/fuse/dev.c           | 26 +++++++++++++-------------
 fs/fuse/dir.c           | 16 ++++++++--------
 fs/fuse/fuse_i.h        |  7 ++++++-
 fs/fuse/inode.c         | 38 ++++++++++++++++++++++++++------------
 fs/fuse/xattr.c         | 43 +++++++++++++++++++++++++++++++++++++++++++
 kernel/user_namespace.c |  1 +
 8 files changed, 105 insertions(+), 37 deletions(-)

Eric