Received: by 10.213.65.68 with SMTP id h4csp552747imn; Tue, 20 Mar 2018 09:26:32 -0700 (PDT) X-Google-Smtp-Source: AG47ELsjV9qrd3BZt0Ht5IzknfEdrLYQJoSHC3gC2y7e/CmhYmKhaWuhd7ndT/Z7Vsj4ixqqIK43 X-Received: by 10.99.117.68 with SMTP id f4mr12366353pgn.369.1521563192651; Tue, 20 Mar 2018 09:26:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1521563192; cv=none; d=google.com; s=arc-20160816; b=lSaTHF6WETgGzXZjjddXckWafw0Z8ETgwkeM/kubwP/dSoc0OWgjiRWquyXbALrlHg k+RjKwYkGbjRSRVDptyGEI6D+YDC20gmDwHEL125V19ieu9bwj4HsvKMk/ig6lNR/kiG a6YUYHHsiSkbeIU+JXXOOvg9G11xWI95U95XSUzhWJgcfpvKJJdUYfPllLXclxfxdubg rq9107vGCZouaEeetONFj5mtLZUfMg77WbISl/suspIG5zTAe4sQAXqhAp0ApJEJ9e6D stLGxszrwbg40f/gzpJuD7iIILL1hxdtQ5c1PIyG5CumP2tUfngT2TaqBVzo2ByYXfl2 0oYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:arc-authentication-results; bh=bzEbaMLfbee6uQ7wacjwapuZ9Tf7lgSfVIiRvK57gJI=; b=H1V5QORqRsA6IYZGruyJSWHRUeKUS1EOOv5XZDQNXeKxhYaex4xnvg+QqnITD+XEYg LZP1lNe+u4k505RthjFMQyGqz8uJlv1OaeHvQeCRtVmgpIx9kNRm3/C8BZqBYaBV/2jE 1z6SW7qYnQ8RXfXVgqJ1xBNRwDjsp1+2BOu4iqfXBQMI37I4SQuBc83xCyGK495cTP22 yHN0YHiPKwVX+7BTHD7NLj9Y/K8GBNWXgK3OMTZagbkzHCJIPeOLUiPfoVuwKsxBaJ55 JYB2Y7IjW+rmCupO+JnIfg128mm50wL/uiSD/R8BLRK6BH0RBssYCg90Q3otZaW2qtNn 9S4g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c22-v6si2070860plz.279.2018.03.20.09.26.17; Tue, 20 Mar 2018 09:26:32 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751552AbeCTQZJ (ORCPT + 99 others); Tue, 20 Mar 2018 12:25:09 -0400 Received: from mail-ot0-f173.google.com ([74.125.82.173]:38356 "EHLO mail-ot0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751456AbeCTQZH (ORCPT ); Tue, 20 Mar 2018 12:25:07 -0400 Received: by mail-ot0-f173.google.com with SMTP id 95-v6so2375300ote.5 for ; Tue, 20 Mar 2018 09:25:07 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=bzEbaMLfbee6uQ7wacjwapuZ9Tf7lgSfVIiRvK57gJI=; b=hb7lwMNloWFZL4wGOx4E3cwg1fSxzy3NafDTSImvjPecSSdI5G8m0cxe2rxtTUXSmX hIHASYLp4DTFHoh61uc3GCWacHZeY3T9KAN6mvmv+SkDqSWY9EnLpt4wgtoYMTHZzYgy /ZmkBFpUWn+iaQMyr43HRzGYMVbMyXjc8sZkHgRcMQuPOOaZx79wXIY2i0C652HZBpcn iaePO1UkSVC/z4tMFGTtpTtXKpvBTisXIHUv/xpxVlH/YiA7+V22GQn7x3Y7N38MQDa7 vUOZLECnqzlH7TS1WxXOElYPVQxdGEcdBXWsNeiknZi5aOYKe69uhKUfe5hU881vlF3m ol3w== X-Gm-Message-State: AElRT7HfD1k0rbwi4cA1cM72A8TZV/tL9QvvzOCRHFqcxvuzc0SiCp+t AI0xyOQ5XqoGHjGLHLjBylzQK+5X4uDnaCX5+GmmiA== X-Received: by 2002:a9d:5123:: with SMTP id c32-v6mr509770oth.324.1521563106607; Tue, 20 Mar 2018 09:25:06 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a9d:a65:0:0:0:0:0 with HTTP; Tue, 20 Mar 2018 09:25:06 -0700 (PDT) In-Reply-To: <87ina6ntx0.fsf_-_@xmission.com> References: <878tbmf5vl.fsf@xmission.com> <87po4rz4ui.fsf_-_@xmission.com> <87r2p287i8.fsf_-_@xmission.com> <87ina6ntx0.fsf_-_@xmission.com> From: Miklos Szeredi Date: Tue, 20 Mar 2018 17:25:06 +0100 Message-ID: Subject: Re: [PATCH v9 0/4] fuse: mounts from non-init user namespaces To: "Eric W. Biederman" Cc: lkml , Linux Containers , linux-fsdevel , Alban Crequy , Seth Forshee , Sargun Dhillon , Dongsu Park , "Serge E. Hallyn" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 8, 2018 at 10:23 PM, Eric W. Biederman wrote: > > This patchset builds on the work by Donsu Park and Seth Forshee and is > reduced to the set of patches that just affect fuse. The non-fuse > vfs patches are far enough along we can ignore them except possibly for the > question of when does FS_USERNS_MOUNT get set in fuse_fs_type. > > Fuse with a block device has been left as an exercise for a later time. > > Since v5 I changed the core of this patchset around as the previous > patches were showing signs of bitrot. Some important explanations were > missing, some important functionality was missing, and xattr handling > was completely absent. > > Since v6 I have: > - Removed the failure case from fuse_get_req_nofail_nopages that I > added. > - Updated fuse to always to use posix_acl_access_xattr_handler, and > posix_acl_default_xattr_handler, by teaching fuse to set > ACL_DONT_CACHE when FUSE_POSIX_ACL is not set. > > Since v7 I have: > - Rethought and reworked how I am unifying the cached and the non-cached > posix acl case so the code is cleaner and simpler. > - I have dropped enhancements to caching negative acls when > fc->no_getxattr is set. > - Removed the need to wrap forget_all_cached_acls in fuse. > - Reorder the patches so the posix acl work comes first > > Since v8 I have: > - Dropped and postponed the unification of the uncached and the cached > posix acls case. The code is not hard but tricky enough it needs > to be considered on it's own on it's own merits. > > Miklos can you take a look and see what you think? > > Miklos if you could pick these up I would appreciate it. If not I can > merge these through the userns tree. Thank you Eric for moving this along. Patches pushed to: git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git for-next I did just one modification to "fuse: Fail all requests with invalid uids or gids": instead of zeroing out the context for the nofail case, continue to use the "_munged" variants. I don't think this hurts and is better for backward compatibility (I guess the only relevant use would be for debugging output, but we don't want to regress even for that if not necessary). Thanks, Miklos