Date: Wed, 30 May 2018 14:34:55 +1000
From: Dave Chinner
To: "Eric W. Biederman"
Cc: "Theodore Y. Ts'o", Linux Containers, linux-fsdevel@vger.kernel.org, Seth Forshee, "Serge E. Hallyn", Christian Brauner, linux-kernel@vger.kernel.org
Subject: Re: [REVIEW][PATCH 0/6] Wrapping up the vfs support for unprivileged mounts
Message-ID: <20180530043455.GN23861@dastard>

On Tue, May 29, 2018 at 09:34:35PM -0500, Eric W. Biederman wrote:
> Dave Chinner writes:
>
> > Yeah, there are some fairly big process and policy things that
> > need to be decided here. Not just at the kernel level, but at
> > distro and app infrastructure level too.
> >
> > I was originally sceptical of supporting kernel filesystems via
> > lkl, but the desire for unprivileged mounts has not gone away
> > and so I'm less worried about accessing filesystems that way
> > than I am of letting the kernel parse untrusted images from
> > untrusted users...
>
> There is also the more readily available libguestfs which doesn't
> support as many filesystems but does seem available in most linux
> distributions already. It already has a fuse option available
> with guestmount. I may have to dig in there and see how to make
> it available without using fusermount.

That only provides host access to filesystems mounted inside guest
VMs, right? AFAIA, libguestfs is not providing a FUSE implementation
that mounts and parses raw XFS images. e.g. it barely understands
anything XFS, and that which it does is via running and
screen-scraping the output of XFS's userspace management tools...

> > I'm not sure what the correct forum for this is - wasn't this
> > something the Plumbers conference was supposed to facilitate?
>
> Yes. If we all need to be in a room and talk about things.
> It is early enough in the planning for Plumbers that we could
> definitely schedule a talk or a BOF for this.

Ok. I have no idea if I'll be at plumbers - it's an awful long way
from where I am....

Cheers,

Dave.
-- 
Dave Chinner
david@fromorbit.com