Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Amir Goldstein <amir73il@xxxxxxxxx>
Subject: Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Tue, 7 Feb 2017 14:25:51 -0800
Cc: James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx>, Christoph Hellwig <hch@xxxxxxxxxxxxx>, Djalal Harouni <tixxdz@xxxxxxxxx>, Chris Mason <clm@xxxxxx>, Theodore Tso <tytso@xxxxxxx>, Josh Triplett <josh@xxxxxxxxxxxxxxxx>, "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Seth Forshee <seth.forshee@xxxxxxxxxxxxx>, linux-fsdevel <linux-fsdevel@xxxxxxxxxxxxxxx>, linux-kernel <linux-kernel@xxxxxxxxxxxxxxx>, LSM List <linux-security-module@xxxxxxxxxxxxxxx>, Dongsu Park <dongsu@xxxxxxxxxxxx>, David Herrmann <dh.herrmann@xxxxxxxxxxxxxx>, Miklos Szeredi <mszeredi@xxxxxxxxxx>, Alban Crequy <alban.crequy@xxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, "Serge E. Hallyn" <serge@xxxxxxxxxx>, Phil Estes <estesp@xxxxxxxxx>
In-reply-to: <CAOQ4uxhfvaxfUEwMd=oeyOHs29qP9RcQ1GmOs-4XwXYAMwLfyw@mail.gmail.com>
User-agent: Mutt/1.7.1 (2016-10-04)

On Tue, Feb 07, 2017 at 11:01:29PM +0200, Amir Goldstein wrote:
> Project id's are not exactly "subtree" semantic, but inheritance semantics,
> which is not the same when non empty directories get their project id changed.
> Here is a recap:
> https://lwn.net/Articles/623835/

Yes - but if we abuse them for containers we could refine the semantics
to simply not allow change of project ids from inside containers
based on say capabilities.

> I guess we should define the semantics for the required sub-tree marking,
> before we can talk about solutions.

Good plan.

Follow-Ups:
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: James Bottomley

References:
- [RFC 0/1] shiftfs: uid/gid shifting filesystem (s_user_ns version)
  - From: James Bottomley
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: James Bottomley
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: Christoph Hellwig
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: James Bottomley
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: Amir Goldstein
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: Christoph Hellwig
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: James Bottomley
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: Christoph Hellwig
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: James Bottomley
- Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
  - From: Amir Goldstein

Prev by Date: Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
Next by Date: mmotm 2017-02-07-15-20 uploaded
Previous by thread: Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
Next by thread: Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
Index(es):
- Date
- Thread

[Index of Archives] [Linux Ext4 Filesystem] [Union Filesystem] [Filesystem Testing] [Ceph Users] [Ecryptfs] [AutoFS] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Cachefs] [Reiser Filesystem] [Linux RAID] [Samba] [Device Mapper] [CEPH Development]