Received: by 10.213.65.68 with SMTP id h4csp552747imn;
        Tue, 20 Mar 2018 09:26:32 -0700 (PDT)
X-Google-Smtp-Source: AG47ELsjV9qrd3BZt0Ht5IzknfEdrLYQJoSHC3gC2y7e/CmhYmKhaWuhd7ndT/Z7Vsj4ixqqIK43
X-Received: by 10.99.117.68 with SMTP id f4mr12366353pgn.369.1521563192651;
        Tue, 20 Mar 2018 09:26:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521563192; cv=none;
        d=google.com; s=arc-20160816;
        b=lSaTHF6WETgGzXZjjddXckWafw0Z8ETgwkeM/kubwP/dSoc0OWgjiRWquyXbALrlHg
         k+RjKwYkGbjRSRVDptyGEI6D+YDC20gmDwHEL125V19ieu9bwj4HsvKMk/ig6lNR/kiG
         a6YUYHHsiSkbeIU+JXXOOvg9G11xWI95U95XSUzhWJgcfpvKJJdUYfPllLXclxfxdubg
         rq9107vGCZouaEeetONFj5mtLZUfMg77WbISl/suspIG5zTAe4sQAXqhAp0ApJEJ9e6D
         stLGxszrwbg40f/gzpJuD7iIILL1hxdtQ5c1PIyG5CumP2tUfngT2TaqBVzo2ByYXfl2
         0oYw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:arc-authentication-results;
        bh=bzEbaMLfbee6uQ7wacjwapuZ9Tf7lgSfVIiRvK57gJI=;
        b=H1V5QORqRsA6IYZGruyJSWHRUeKUS1EOOv5XZDQNXeKxhYaex4xnvg+QqnITD+XEYg
         LZP1lNe+u4k505RthjFMQyGqz8uJlv1OaeHvQeCRtVmgpIx9kNRm3/C8BZqBYaBV/2jE
         1z6SW7qYnQ8RXfXVgqJ1xBNRwDjsp1+2BOu4iqfXBQMI37I4SQuBc83xCyGK495cTP22
         yHN0YHiPKwVX+7BTHD7NLj9Y/K8GBNWXgK3OMTZagbkzHCJIPeOLUiPfoVuwKsxBaJ55
         JYB2Y7IjW+rmCupO+JnIfg128mm50wL/uiSD/R8BLRK6BH0RBssYCg90Q3otZaW2qtNn
         9S4g==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id c22-v6si2070860plz.279.2018.03.20.09.26.17;
        Tue, 20 Mar 2018 09:26:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751552AbeCTQZJ (ORCPT <rfc822;daisukeokaopensource@gmail.com>
        + 99 others); Tue, 20 Mar 2018 12:25:09 -0400
Received: from mail-ot0-f173.google.com ([74.125.82.173]:38356 "EHLO
        mail-ot0-f173.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751456AbeCTQZH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 20 Mar 2018 12:25:07 -0400
Received: by mail-ot0-f173.google.com with SMTP id 95-v6so2375300ote.5
        for <linux-kernel@vger.kernel.org>; Tue, 20 Mar 2018 09:25:07 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=bzEbaMLfbee6uQ7wacjwapuZ9Tf7lgSfVIiRvK57gJI=;
        b=hb7lwMNloWFZL4wGOx4E3cwg1fSxzy3NafDTSImvjPecSSdI5G8m0cxe2rxtTUXSmX
         hIHASYLp4DTFHoh61uc3GCWacHZeY3T9KAN6mvmv+SkDqSWY9EnLpt4wgtoYMTHZzYgy
         /ZmkBFpUWn+iaQMyr43HRzGYMVbMyXjc8sZkHgRcMQuPOOaZx79wXIY2i0C652HZBpcn
         iaePO1UkSVC/z4tMFGTtpTtXKpvBTisXIHUv/xpxVlH/YiA7+V22GQn7x3Y7N38MQDa7
         vUOZLECnqzlH7TS1WxXOElYPVQxdGEcdBXWsNeiknZi5aOYKe69uhKUfe5hU881vlF3m
         ol3w==
X-Gm-Message-State: AElRT7HfD1k0rbwi4cA1cM72A8TZV/tL9QvvzOCRHFqcxvuzc0SiCp+t
        AI0xyOQ5XqoGHjGLHLjBylzQK+5X4uDnaCX5+GmmiA==
X-Received: by 2002:a9d:5123:: with SMTP id c32-v6mr509770oth.324.1521563106607;
 Tue, 20 Mar 2018 09:25:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:a65:0:0:0:0:0 with HTTP; Tue, 20 Mar 2018 09:25:06 -0700 (PDT)
In-Reply-To: <87ina6ntx0.fsf_-_@xmission.com>
References: <cover.1512741134.git.dongsu@kinvolk.io> <878tbmf5vl.fsf@xmission.com>
 <87po4rz4ui.fsf_-_@xmission.com> <87r2p287i8.fsf_-_@xmission.com> <87ina6ntx0.fsf_-_@xmission.com>
From:   Miklos Szeredi <mszeredi@redhat.com>
Date:   Tue, 20 Mar 2018 17:25:06 +0100
Message-ID: <CAOssrKebhX-nm06RAwep8HUUV4QpsAa=ZOgxdRyP=WF9p-=4Tw@mail.gmail.com>
Subject: Re: [PATCH v9 0/4] fuse: mounts from non-init user namespaces
To:     "Eric W. Biederman" <ebiederm@xmission.com>
Cc:     lkml <linux-kernel@vger.kernel.org>,
        Linux Containers <containers@lists.linux-foundation.org>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        Alban Crequy <alban@kinvolk.io>,
        Seth Forshee <seth.forshee@canonical.com>,
        Sargun Dhillon <sargun@sargun.me>,
        Dongsu Park <dongsu@kinvolk.io>,
        "Serge E. Hallyn" <serge@hallyn.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 8, 2018 at 10:23 PM, Eric W. Biederman
<ebiederm@xmission.com> wrote:
>
> This patchset builds on the work by Donsu Park and Seth Forshee and is
> reduced to the set of patches that just affect fuse.  The non-fuse
> vfs patches are far enough along we can ignore them except possibly for the
> question of when does FS_USERNS_MOUNT get set in fuse_fs_type.
>
> Fuse with a block device has been left as an exercise for a later time.
>
> Since v5 I changed the core of this patchset around as the previous
> patches were showing signs of bitrot.  Some important explanations were
> missing, some important functionality was missing, and xattr handling
> was completely absent.
>
> Since v6 I have:
> - Removed the failure case from fuse_get_req_nofail_nopages that I
>   added.
> - Updated fuse to always to use posix_acl_access_xattr_handler, and
>   posix_acl_default_xattr_handler, by teaching fuse to set
>   ACL_DONT_CACHE when FUSE_POSIX_ACL is not set.
>
> Since v7 I have:
> - Rethought and reworked how I am unifying the cached and the non-cached
>   posix acl case so the code is cleaner and simpler.
>   - I have dropped enhancements to caching negative acls when
>     fc->no_getxattr is set.
>   - Removed the need to wrap forget_all_cached_acls in fuse.
> - Reorder the patches so the posix acl work comes first
>
> Since v8 I have:
> - Dropped and postponed the unification of the uncached and the cached
>   posix acls case.  The code is not hard but tricky enough it needs
>   to be considered on it's own on it's own merits.
>
> Miklos can you take a look and see what you think?
>
> Miklos if you could pick these up I would appreciate it.  If not I can
> merge these through the userns tree.

Thank you Eric for moving this along.  Patches pushed to:

  git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse.git for-next

I did just one modification to "fuse: Fail all requests with invalid
uids or gids": instead of zeroing out the context for the nofail case,
continue to use the "_munged" variants. I don't think this hurts and
is better for backward compatibility (I guess the only relevant use
would be for debugging output, but we don't want to regress even for
that if not necessary).

Thanks,
Miklos