On Wed, Feb 14, 2018 at 2:44 PM, Miklos Szeredi <mszeredi@xxxxxxxxxx> wrote: > On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park <dongsu@xxxxxxxxxx> wrote: >> From: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> >> >> To be able to mount fuse from non-init user namespaces, it's necessary >> to set FS_USERNS_MOUNT flag to fs_flags. >> >> Patch v4 is available: https://patchwork.kernel.org/patch/8944681/ >> >> Cc: linux-fsdevel@xxxxxxxxxxxxxxx >> Cc: linux-kernel@xxxxxxxxxxxxxxx >> Cc: Miklos Szeredi <mszeredi@xxxxxxxxxx> >> Signed-off-by: Seth Forshee <seth.forshee@xxxxxxxxxxxxx> >> [dongsu: add a simple commit messasge] >> Signed-off-by: Dongsu Park <dongsu@xxxxxxxxxx> >> --- >> fs/fuse/inode.c | 4 ++-- >> 1 file changed, 2 insertions(+), 2 deletions(-) >> >> diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c >> index 7f6b2e55..8c98edee 100644 >> --- a/fs/fuse/inode.c >> +++ b/fs/fuse/inode.c >> @@ -1212,7 +1212,7 @@ static void fuse_kill_sb_anon(struct super_block *sb) >> static struct file_system_type fuse_fs_type = { >> .owner = THIS_MODULE, >> .name = "fuse", >> - .fs_flags = FS_HAS_SUBTYPE, >> + .fs_flags = FS_HAS_SUBTYPE | FS_USERNS_MOUNT, >> .mount = fuse_mount, >> .kill_sb = fuse_kill_sb_anon, >> }; > > I think enabling FS_USERNS_MOUNT should be pretty safe. > > I was thinking opting out should be as simple as "chmod o-rw > /dev/fuse". But that breaks libfuse, even though fusermount opens > /dev/fuse in privileged mode, so it shouldn't. I'm talking rubbish, /dev/fuse is opened without privs in fusermount as well. So there's not way to differentiate user_ns unpriv mounts from suid fusermount unpriv mounts. Maybe that's just as well... Thanks, Miklos _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linuxfoundation.org/mailman/listinfo/containers