Received: by 2002:ac0:a5b6:0:0:0:0:0 with SMTP id m51-v6csp3525495imm;
        Tue, 29 May 2018 08:41:54 -0700 (PDT)
X-Google-Smtp-Source: ADUXVKIaXcGM1BneVuKAk9w2VTTM95SCkzrBANlffMI0i5QOYH8hDtgAhXff20zXYx5DYDzo9NEa
X-Received: by 2002:a62:a054:: with SMTP id r81-v6mr13025817pfe.10.1527608514927;
        Tue, 29 May 2018 08:41:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1527608514; cv=none;
        d=google.com; s=arc-20160816;
        b=C5Wajj7smMkIZ5EdR9YDJ2IQK4hhgbFAJOegb3Z375/1fX0u/Sl2/3ni38wzKoAA6+
         ygECBtJzl+4estpvW8lDRcIF/9w2PViReHYUV+NEKeCw+8jUUE+CoI+LMBi/AFYzZLgi
         X89t4BacTk4kbkPEcazJGxc5yhgj7TAREfywmJC1p6w/NmgFYuo5s0yAW4o5dCrJ1/qM
         Elk1JU7spj7cxoVVPnASmSMfDiS0bfoUT0QBmApqIfSkT6aI8xglG3t1A6kwpjM/+doX
         q97TAziFjPhXX2vmAwqPCCn80viP8yT6Qj2W1hL5eb0U0jnlWAoTcFr9D37VS5GODwO2
         C6pA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature
         :arc-authentication-results;
        bh=1QHomPqwz94oSov/7MO/6iTWv2mVoqI63XiMoVg5BIo=;
        b=O2ZvZo5CzfTiMfqSglNt/IDP4XnqqNXeNyz109PVq9WeABJbcrRvsyF0CrV3WW6Sn1
         Dk6xlatFffitp0Pg44wSOt3u70bemitlst1TwJfTy6wlADLguj4o94pSh1JFjkxJ5vpS
         5Fn09p0m6Plcnx4OehWTcpytdkgSdv9gr4w9ezPRlD+bQaXtS7ukatYoVTUZhPqWC+/9
         3Kw6S0RcET0Rdw+m4OBNelynGdHKZwawaMRqHCWxXZbhaay/zejco9Bjr4E17MCdeQrg
         gAlgYOsKKxTLI8RcP9RyKqJ1dyKgRDduETWez/Qa2Lt1kWGHroI3D8DE89oNjsfPlLPf
         /KJg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kinvolk.io header.s=google header.b=Jda0AN+9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id p67-v6si31425693pfp.72.2018.05.29.08.41.40;
        Tue, 29 May 2018 08:41:54 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kinvolk.io header.s=google header.b=Jda0AN+9;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S935410AbeE2Pkx (ORCPT <rfc822;lxz1983@gmail.com> + 99 others);
        Tue, 29 May 2018 11:40:53 -0400
Received: from mail-yb0-f195.google.com ([209.85.213.195]:40109 "EHLO
        mail-yb0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S934948AbeE2Pkv (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 29 May 2018 11:40:51 -0400
Received: by mail-yb0-f195.google.com with SMTP id o80-v6so5230800ybc.7
        for <linux-kernel@vger.kernel.org>; Tue, 29 May 2018 08:40:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=kinvolk.io; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :cc;
        bh=1QHomPqwz94oSov/7MO/6iTWv2mVoqI63XiMoVg5BIo=;
        b=Jda0AN+9LxU4BIHrwXYd50HyIOCdvOkYvLCYId4RAWgbDT2h+LgvarUXjcg6QQme+o
         lkiiSvAubdJs5x0VFcuRyn038WnQprXWdlGc0r0KoHBUh5aXHe/RoKp5Dfy9WUVq2216
         PERX3f/97U6DFogz8cCqRR8VvJz8qxIp6G80o=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:cc;
        bh=1QHomPqwz94oSov/7MO/6iTWv2mVoqI63XiMoVg5BIo=;
        b=RmcqnQKwH0m0Kg0RR2U3wPHNJI7vHyfd6DGkU4dCxQuiLVSzpyt6dIuEkfkMrHueyI
         4sIyd3jmUwv4ebF93QJ9AJ8mfQFQQ7xWfkQaI2x2/Zt9e9RKwfqq5CsenEN8qov1puOk
         KZdOxCiR+6tLsfp4OrGfdPQlaBBtAoTIh2bozob/3+JcI5Ao+QYH9DpgGOvfychiP0mH
         ZFbdT7QtEoL4M1k0p8XQKa6IiqzEMu+iN/DL6FQbb9sp96eS1Jjv3zf2kcsfsE/3nxw/
         az/2sHf7TAiZuaRlaD+o6LMj5gPVIwixTkVF0nkLyYCNIPvqRLuU/5ixgKriCf/oHtw+
         3AAA==
X-Gm-Message-State: ALKqPweV+svTbUo3ulWzRhtX48RuUyf6U3lc8KG48iyNLONq6Q1FfZrx
        T7TD7/xXIG74ovxkFQn2jtBptCjl04E8U6SJYdv8yQ==
X-Received: by 2002:a25:3621:: with SMTP id d33-v6mr10041624yba.269.1527608450723;
 Tue, 29 May 2018 08:40:50 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a25:4643:0:0:0:0:0 with HTTP; Tue, 29 May 2018 08:40:50
 -0700 (PDT)
In-Reply-To: <87o9h6554f.fsf@xmission.com>
References: <87o9h6554f.fsf@xmission.com>
From:   Dongsu Park <dongsu@kinvolk.io>
Date:   Tue, 29 May 2018 17:40:50 +0200
Message-ID: <CANxcAMt5f7=TV3Yqc6iavos=saGFOPKC4R4Yr9yGbKoVwq3YGw@mail.gmail.com>
Subject: Re: [REVIEW][PATCH 0/6] Wrapping up the vfs support for unprivileged mounts
To:     "Eric W. Biederman" <ebiederm@xmission.com>
Cc:     Linux Containers <containers@lists.linux-foundation.org>,
        linux-fsdevel@vger.kernel.org,
        Seth Forshee <seth.forshee@canonical.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Christian Brauner <christian@brauner.io>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi,

On Thu, May 24, 2018 at 1:22 AM, Eric W. Biederman
<ebiederm@xmission.com> wrote:
>
> Very slowly the work has been progressing to ensure the vfs has the
> necessary support for mounting filesystems without privilege.
>
> This patchset contains one more core piece of that work, ensuring a few
> more operations that would write back an inode and confuse an exisiting
> filesystem are denied.
>
> The rest of the changes actually enable userns root to do things with
> filesystems that the userns root has mounted.  Most of these have been
> waiting in the wings a long time, held back because I wanted the core
> of the patchset to be solid before I started allowing additional
> behavor.
>
> It is definitely time for these changes so the effect of s_user_ns
> becomes less theoretical.
>
> The change to allow mknod is new, but consistent with everything else
> and harmless as device nodes on filesystems mounted without privilege
> are ignored.
>
> Unless problems show up in the during review I plan to merge these changes.

Thank you for the great work. I have been looking forward to seeing it.
I have just gathered available relevant patches in my branch:

https://github.com/kinvolk/linux/tree/dongsu/fuse-userns-for-4.18

With this branch, I tested sshfs/fuse from non-init user namespace.
It works fine as expected. So you can add:

Tested-by: Dongsu Park <dongsu@kinvolk.io>

Thanks!
Dongsu

> These changes are also available at:
>   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git userns-test
>
> Eric W. Biederman (5):
>       vfs: Don't allow changing the link count of an inode with an invalid uid or gid
>       vfs: Allow userns root to call mknod on owned filesystems.
>       fs: Allow superblock owner to replace invalid owners of inodes
>       fs: Allow superblock owner to access do_remount_sb()
>       capabilities: Allow privileged user in s_user_ns to set security.* xattrs
>
> Seth Forshee (1):
>       fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems
>
>  fs/attr.c            | 36 ++++++++++++++++++++++++++++--------
>  fs/ioctl.c           |  4 ++--
>  fs/namei.c           | 16 ++++++++++++----
>  fs/namespace.c       |  4 ++--
>  security/commoncap.c |  8 ++++++--
>  5 files changed, 50 insertions(+), 18 deletions(-)
>
> Eric
> _______________________________________________
> Containers mailing list
> Containers@lists.linux-foundation.org
> https://lists.linuxfoundation.org/mailman/listinfo/containers