Hello Eric, I'd like to ask you what it would take to have proper support of Fuse inside usernamespaces. I've looked through the code of fuse and I can see some things are specifically coded to prevent creating a mount inside userns. E.g. hard-coded usage of init_user_ns or the check inside fuse_fill_super to make sure the fd is obtained from the init_user_ns. I have also read your argument here: https://lkml.org/lkml/2012/11/12/591 So I'm interested in knowing the following: * Are you still actively working on making fuse mountable in non-root userns, if not is the partial patch available somewhere? I might be able to do some work on that and hopefully make it upstreamable. * If the code is not available can you explain what are the main hurdles in getting this to work? In my experiments I;ve hacked fuse and I'm able to mount glusterfs inside an LXC container but I suspect I might have broken some subtle security aspect :) Regards, Nikolay _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers
