Received: by 10.223.185.116 with SMTP id b49csp4335985wrg; Mon, 26 Feb 2018 15:53:55 -0800 (PST) X-Google-Smtp-Source: AH8x225mjMD4pdtlAcnhHRZtuGt4QkyEUrTx875ZYIxXDfcEL1usSqkGdiKiwVXqLv/MbJ4C1WI5 X-Received: by 10.99.172.2 with SMTP id v2mr9971393pge.204.1519689235646; Mon, 26 Feb 2018 15:53:55 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1519689235; cv=none; d=google.com; s=arc-20160816; b=llBoe3PFAVvr3L5ICXPQwlzvUI2mYmpfMT6Cqz3nowUN9bhALtqvfczSL/4nTAIMC+ 8x/6hZxFft96/jBHxB56keVU9R1otYVXixvVNUVATF2ZSKOD1ouLdJqTtawkpWxl2VsK PQDYZfzc6R98JQ0aPvIMUaNb7mnw1MHNDpPWNg+S2Asxqpo8gKTT0jEy27inv7FqyiNL 5o+cjZ7w243H3khaBIiqqEF2QEYpC+iKJf97sfZuTcDIrXppX4H76l9j9lsxfoGujUWn anbMZ64SK/Tw73lScmOMEbX1yWvHeriWKfnb2cILadlQCpg0jTNQ7S/SCohS4sUnRBVR sRcQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from :arc-authentication-results; bh=E3DMVFZTFVzWW6hZDSUblbknaJM9yTxqiv4Cac8A69A=; b=Q/reto/35xV92HS+Cz5ZSr6b4BQj7b1xbKtqNoa2aoaTJvvpfM4rjypjrVPhABkpWM B+rf5VCbQLBs6pvF1q6H7sSTo10TQEUGsqPChkNuLxIwsyXOTPAwq43Si0Yk+WRaGb7S PYZJd3exJniUOyWHViLrD5DAFZq/H9sfyM3mDKX+ZAaNC7S18GS9fOsL+6zqkyaqkhun lFHEiba2jQzUoroZDKmWaOhf0+Jdt1g/b0HoutfUebqDhi1soyhwAEFy5iB4AE/qhPiF +xGpNFiVkCkJy1kS/LQUvGQRGBoy4E2l0811MNcCEjl/NrySXairFXpkdgxtuDZ10DDj PGNw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g7si7560783pfm.0.2018.02.26.15.53.39; Mon, 26 Feb 2018 15:53:55 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751505AbeBZXw5 (ORCPT + 99 others); Mon, 26 Feb 2018 18:52:57 -0500 Received: from out03.mta.xmission.com ([166.70.13.233]:36991 "EHLO out03.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750826AbeBZXw4 (ORCPT ); Mon, 26 Feb 2018 18:52:56 -0500 Received: from in02.mta.xmission.com ([166.70.13.52]) by out03.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1eqSZh-0001ni-MI; Mon, 26 Feb 2018 16:52:53 -0700 Received: from 174-19-85-160.omah.qwest.net ([174.19.85.160] helo=x220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1eqSZh-0004f2-4Y; Mon, 26 Feb 2018 16:52:53 -0700 From: ebiederm@xmission.com (Eric W. Biederman) To: Miklos Szeredi Cc: linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, , Alban Crequy , Seth Forshee , Sargun Dhillon , Dongsu Park , "Serge E. Hallyn" References: <878tbmf5vl.fsf@xmission.com> Date: Mon, 26 Feb 2018 17:52:21 -0600 In-Reply-To: <878tbmf5vl.fsf@xmission.com> (Eric W. Biederman's message of "Wed, 21 Feb 2018 14:24:30 -0600") Message-ID: <87po4rz4ui.fsf_-_@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1eqSZh-0004f2-4Y;;;mid=<87po4rz4ui.fsf_-_@xmission.com>;;;hst=in02.mta.xmission.com;;;ip=174.19.85.160;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX18vo70VSKMXeRayPK8eJxrUWOV8taSsguk= X-SA-Exim-Connect-IP: 174.19.85.160 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa06.xmission.com X-Spam-Level: X-Spam-Status: No, score=-0.2 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,TVD_RCVD_IP,T_TooManySym_01 autolearn=disabled version=3.4.1 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.0 TVD_RCVD_IP Message was received from an IP address * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa06 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ;Miklos Szeredi X-Spam-Relay-Country: X-Spam-Timing: total 214 ms - load_scoreonly_sql: 0.03 (0.0%), signal_user_changed: 3.2 (1.5%), b_tie_ro: 2.1 (1.0%), parse: 1.05 (0.5%), extract_message_metadata: 3.6 (1.7%), get_uri_detail_list: 1.64 (0.8%), tests_pri_-1000: 3.9 (1.8%), tests_pri_-950: 1.14 (0.5%), tests_pri_-900: 0.97 (0.5%), tests_pri_-400: 23 (10.6%), check_bayes: 22 (10.1%), b_tokenize: 6 (2.9%), b_tok_get_all: 9 (4.1%), b_comp_prob: 1.97 (0.9%), b_tok_touch_all: 2.8 (1.3%), b_finish: 0.63 (0.3%), tests_pri_0: 163 (76.4%), check_dkim_signature: 0.62 (0.3%), check_dkim_adsp: 2.5 (1.2%), tests_pri_500: 6 (2.6%), rewrite_mail: 0.00 (0.0%) Subject: [PATCH v7 0/7] fuse: mounts from non-init user namespaces X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This patchset builds on the work by Donsu Park and Seth Forshee and is reduced to the set of patches that just affect fuse. The non-fuse patches are far enough along we can ignore them except possibly for the question of when does FS_USERNS_MOUNT get set in fuse_fs_type. Fuse with a block device has been left as an exercise for a later time. Since v5 I changed the core of this patchset around as the previous patches were showing signs of bitrot. Some important explanations were missing, some important functionality was missing, and xattr handling was completely absent. Since v6 I have: - Removed the failure case from fuse_get_req_nofail_nopages that I added. - Updated fuse to always to use posix_acl_access_xattr_handler, and posix_acl_default_xattr_handler, by teaching fuse to set ACL_DONT_CACHE when FUSE_POSIX_ACL is not set. Miklos can you take a look and see what you think? I think this much of the fuse changes are ready, and as such I would like to get them in this development cycle if possible. These changes are also available at: git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git userns-fuse-v7 Eric W. Biederman (6): fuse: Remove the buggy retranslation of pids in fuse_dev_do_read fuse: Fail all requests with invalid uids or gids fs/posix_acl: Document that get_acl respects ACL_DONT_CACHE fuse: Cache a NULL acl when FUSE_GETXATTR returns -ENOSYS fuse: Simplfiy the posix acl handling logic. fuse: Support fuse filesystems outside of init_user_ns Seth Forshee (1): fuse: Restrict allow_other to the superblock's namespace or a descendant fs/fuse/acl.c | 10 +++++----- fs/fuse/cuse.c | 7 ++++++- fs/fuse/dev.c | 30 +++++++++++++++++------------- fs/fuse/dir.c | 27 +++++++++++++-------------- fs/fuse/fuse_i.h | 11 ++++++++--- fs/fuse/inode.c | 44 +++++++++++++++++++++++++++++--------------- fs/fuse/xattr.c | 6 +----- fs/posix_acl.c | 7 +++++-- kernel/user_namespace.c | 1 + 9 files changed, 85 insertions(+), 58 deletions(-) Eric