Date: Wed, 9 Jan 2008 14:35:06 +0100
From: Pavel Machek
To: Miklos Szeredi
Cc: akpm@linux-foundation.org, hch@infradead.org, serue@us.ibm.com, viro@ftp.linux.org.uk, ebiederm@xmission.com, kzak@redhat.com, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, containers@lists.osdl.org, util-linux-ng@vger.kernel.org
Subject: Re: [patch 7/9] unprivileged mounts: allow unprivileged fuse mounts
Message-ID: <20080109133506.GI9735@elf.ucw.cz>
References: <20080108113502.184459371@szeredi.hu> <20080108113630.861045063@szeredi.hu> <20080108214625.GE5050@ucw.cz> <20080108225820.GA9735@elf.ucw.cz> <20080109113325.GC9735@elf.ucw.cz>

Hi!

> > ...this will break with FUSE enabled, right? (Minor security hole by
> > allowing users to stop c-a-delete, where none existed before?)
>
> Yup (or I don't know, I'm sure there was or is some problem with
> ptrace, that could be used to create unkillable processes).
>
> Fuse could actually be fixed to exit reliably for 'killall5 -9' (it
> used to), but that has other problems, and it doesn't seem very
> important to me. But this can be discussed.

I think it is better to fix fuse than to rewrite all the shutdown scripts.
> What cannot be fixed is if one process is inside an fs operation
> (e.g. unlink), holding a VFS lock (i_mutex) and another process goes
> to uninterruptible sleep on that lock. There's no way (other than
> rewriting the VFS) in which that second process could be killed unless
> you kill the first one or the fuse server.

I believe VFS should be rewritten here. Perhaps the new "TASK_KILLABLE"
state can help?

> > I really believe FUSE vs. signals needs fixing. Either that, or
> > updating all the manpages
> >
> > man 1 kill:
> > - KILL 9 exit this signal may not be blocked
> > + KILL 9 exit this signal may not be blocked, except by FUSE user mount
>
> Heh, these are all very interesting, but most of these issues are not
> even on my todo list (which has grown into quite a big pile over the
> years), which means that they don't seem to matter to people in
> practice.
>
> You seem to be implying that fuse is worthless if these issues are not
> fixed, but that is very far from the truth, I think.

I'm not saying fuse is worthless. It is a nice toy for single-user
systems. But I do not think we should be merging "allow ordinary users
to mount their own fuse's" before issues above are fixed.

Pavel
--
(english) http://www.livejournal.com/~pavelmachek
(cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
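The failure mode discussed in the thread (a task parked in uninterruptible sleep on i_mutex behind a stalled FUSE request, which SIGKILL cannot reach) shows up at shutdown as processes that survive `killall5 -9` in state D. The following is an added example, not code from the thread or from the FUSE or util-linux projects: a small POSIX shell check that filters `ps -eo pid,stat,wchan:32,comm` output down to D-state tasks, intended to be run by hand after the shutdown script's `killall5 -9` step to see which tasks it could not kill. The wchan names and PIDs in the constructed sample input are illustrative only; the function names `find_d_state` and `report_d_state` are this example's own.

```shell
#!/bin/sh
# Added example (not part of the original thread). Reports tasks stuck in
# uninterruptible sleep (ps STAT starting with "D"), the symptom described
# above: a process blocked on a VFS lock held by a stalled FUSE operation
# does not die on SIGKILL.

# find_d_state: reads "ps -eo pid,stat,wchan:32,comm" style lines on stdin
# (header line first) and prints "pid wchan comm" for every task whose
# state field begins with D (covers "D", "D+", "Ds", ...).
find_d_state() {
    awk 'NR > 1 && $2 ~ /^D/ { print $1, $3, $4 }'
}

# report_d_state: live check on this machine. Assumes a procps-style ps
# that accepts the -o field list used here. Run it after the shutdown
# script's "killall5 -9" to list the survivors that could not be killed.
report_d_state() {
    ps -eo pid,stat,wchan:32,comm | find_d_state
}

# Constructed sample input (not real ps output), used to demonstrate the
# filter offline: two tasks in D state, one sleeping interruptibly, one
# running.
sample_ps_output() {
    printf '%s\n' \
        '  PID STAT WCHAN                            COMMAND' \
        '    1 Ss   do_select                        init' \
        '  742 D    request_wait_answer              rm' \
        '  743 D+   mutex_lock                       ls' \
        '  744 R    -                                ps'
}

# Demonstration on the constructed sample; expected to print
#   742 request_wait_answer rm
#   743 mutex_lock ls
sample_ps_output | find_d_state
```

On a real system, `report_d_state` with an empty result after `killall5 -9` means nothing is stuck; any line it does print names a task (and its kernel wait point) that the shutdown script will have to wait for or that will hang the shutdown, which is the situation the thread argues should be fixed in FUSE or the VFS rather than in every init script.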