Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx>
Subject: Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
From: Miklos Szeredi <miklos@xxxxxxxxxx>
Date: Tue, 24 May 2022 09:07:34 +0200
Cc: Christian Brauner <brauner@xxxxxxxxxx>, Dave Marchevsky <davemarchevsky@xxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx, Seth Forshee <sforshee@xxxxxxxxxxxxxxxx>, Rik van Riel <riel@xxxxxxxxxxx>, kernel-team <kernel-team@xxxxxx>, Andrii Nakryiko <andrii@xxxxxxxxxx>, Chris Mason <clm@xxxxxx>, Arnaldo Carvalho de Melo <acme@xxxxxxxxxx>
In-reply-to: <CAEf4BzY5en_O9NtKUB=1uHkGdHLSo_FqddUkokh7pcEWAQ2omw@mail.gmail.com>

On Tue, 24 May 2022 at 06:36, Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> wrote:

> I still think that tools like perf being able to provide good tracing
> data is going to hurt due to this cautious rejection of access, but
> with Kconfig we at least give an option for users to opt out of it.
> WDYT?

I'd rather use a module option for this, always defaulting to off .
Then sysadmin then can choose to turn this protection off if
necessary. This would effectively be the same as "user_allow_other"
option in /etc/fuse.conf, which fusermount interprets but the kernel
doesn't.

Thanks,
Miklos

Follow-Ups:
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Christian Brauner
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Rik van Riel

References:
- [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Dave Marchevsky
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Christian Brauner
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Dave Marchevsky
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Miklos Szeredi
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Dave Marchevsky
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Christian Brauner
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Miklos Szeredi
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Andrii Nakryiko
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Christian Brauner
- Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
  - From: Andrii Nakryiko

Prev by Date: Re: [PATCHv3 3/6] block: introduce bdev_dma_alignment helper
Next by Date: [GIT PULL] zonefs fixes for 5.19-rc1-fix
Previous by thread: Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
Next by thread: Re: [PATCH] fuse: allow CAP_SYS_ADMIN in root userns to access allow_other mount
Index(es):
- Date
- Thread

[Index of Archives] [Linux Ext4 Filesystem] [Union Filesystem] [Filesystem Testing] [Ceph Users] [Ecryptfs] [NTFS 3] [AutoFS] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Cachefs] [Reiser Filesystem] [Linux RAID] [NTFS 3] [Samba] [Device Mapper] [CEPH Development]