Ian Kent <raven@xxxxxxxxxx> writes: > On 30/11/17 08:01, Eric W. Biederman wrote: >> >> While reviewing some code I realized that in getting d_automount working >> with s_user_ns I had left behind some unnecessary relics of the blind >> path I started down. Here are two patches that remove those relics. >> >> Unless someone has another preference I will drop them in my userns tree >> and merge them that way. > > I saw the "<etc>->s_user_ns != &init_user_ns" and wondered if that would > trigger for automount(8) run entirely with a container (eg. docker)? autofs still needs FS_USERNS_MOUNT before you can reach that point. But docker does have a mode ?--userns-remap? where it sets up the containers mounts that way. I think in principle that should work and be safe. I don't know how robust autofs is against malicious users. Which is the question to ask before actually adding FS_USERNS_MOUNT in struct file_system_type. > Anyway, it's gone now, so ACK to these two, thanks Eric. Eric
