Quoting Eric W. Biederman (ebiederm@xxxxxxxxxxxx): > Eric Paris <eparis@xxxxxxxxxxxxxx> writes: > > > Why trust uids or rwx bits. Might as well do away with those as well, > > right? > > Lying to your own userspace processes (which you can do with LD_PRELOAD) > is rather different than lying to the selinux or the smack modules. > > What I am saying with my patch is that fuse is remarkably non-nuanced > in how it interacts with extended attributes, and that it appears > very clear that there are bugs in the area of unprivileged mounts that > need to be addressed. > > I am happy to hear about better solutions. Telling me it's not a bug > and sticking your head in the sand is quite amusing. I'm not terribly familiar with the ways fuse modules can be loaded. Would it be possible to, at load time, based on the (selinux) credentials of the user loading the module, either allow the loader to specify that security.* and trusted.* xattrs may be used, or, if user is unprivileged, ignore the xattrs and use a default based on the user's credentials? -serge -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
