ebiederm@xxxxxxxxxxxx (Eric W. Biederman) writes: > Use kuid_t and kgid_t in struct fuse_conn and struct fuse_mount_data. > > The connection between between a fuse filesystem and a fuse daemon is > established when a fuse filesystem is mounted and provided with a file > descriptor the fuse daemon created by opening /dev/fuse. > > For now restrict the communication of uids and gids between the fuse > filesystem and the fuse daemon to the initial user namespace. Why? I think far more logical would be to limit a single instance of the filesystem and the daemon to an arbitrary but *single* namespace. I.e. one fuse_conn <-> one user namespace. Is there a reason to treat the initial namespace specially? Thanks, Miklos _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
