This patchset builds on the work by Donsu Park and Seth Forshee and is
reduced to the set of patches that just affect fuse. The non-fuse
patches are far enough along we can ignore them except possibly for the
question of when does FS_USERNS_MOUNT get set in fuse_fs_type.
Fuse with a block device has been left as an exercise for a later time.
I had to change the core of this patchset around some as the previous
patches were showing signs of bitrot. Some important explanations were
missing, some important functionality was missing, and xattr handling
was completely absent.
Miklos can you take a look and see what you think?
I think this much of the fuse changes are ready, and as such I would
like to get them in this development cycle if possible.
My apologies if I have lost someone's ack or review somewhere. Let me
know and I will fix it.
These changes are also available at:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git userns-fuse-v6
Eric W. Biederman (4):
fuse: Remove the buggy retranslation of pids in fuse_dev_do_read
fuse: Fail all requests with invalid uids or gids
fuse: Support fuse filesystems outside of init_user_ns
fuse: Ensure posix acls are translated outside of init_user_ns
Seth Forshee (1):
fuse: Restrict allow_other to the superblock's namespace or a descendant
fs/fuse/acl.c | 4 ++--
fs/fuse/cuse.c | 7 ++++++-
fs/fuse/dev.c | 26 +++++++++++++-------------
fs/fuse/dir.c | 16 ++++++++--------
fs/fuse/fuse_i.h | 7 ++++++-
fs/fuse/inode.c | 38 ++++++++++++++++++++++++++------------
fs/fuse/xattr.c | 43 +++++++++++++++++++++++++++++++++++++++++++
kernel/user_namespace.c | 1 +
8 files changed, 105 insertions(+), 37 deletions(-)
Eric
