References: <20191025112917.22518-1-mszeredi@redhat.com> <87r231rlfj.fsf@x220.int.ebiederm.org>
In-Reply-To: <87r231rlfj.fsf@x220.int.ebiederm.org>
From: Miklos Szeredi
Date: Mon, 25 Nov 2019 16:14:01 +0100
Subject: Re: [RFC PATCH 0/5] allow unprivileged overlay mounts
To: "Eric W. Biederman"
Cc: Miklos Szeredi, overlayfs, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org

On Fri, Oct 25, 2019 at 3:43 PM Eric W. Biederman wrote:
>
> Miklos Szeredi writes:
>
> > Hi Eric,
> >
> > Can you please have a look at this patchset?
> >
> > The most interesting one is the last oneliner adding FS_USERNS_MOUNT;
> > whether I'm correct in stating that this isn't going to introduce any
> > holes, or not...
>
> I will take some time and dig through this.
>
> From a robustness standpoint I worry about the stackable filesystem
> side. As that is uniquely an attack vector with overlayfs.
>
> There is definitely demand for this.

Hi Eric,

Have you had time to look into this yet?

Thanks,
Miklos