Andy Lutomirski <luto@xxxxxxxxxxxxxx> writes: > This should hopefully be a short topic, and it's possible that it'll > be settled by the time LSF/MM comes around, but: > > There's a fair amount of interest from different directions for > allowing filesystems with a backing store to be mounted (in the > mount-from-scratch sense, not the bind-mount sense) in a user > namespace. For example, Seth has patches to allow unprivileged FUSE > mounts. There are a few issues here, for example: > > - What happens to device nodes in those filesystems? > > - If a FUSE backend is in a user namespace, how should UIDs be > translated to/from that backend? > > - How should LSM security labels be translated? > > - Should a struct super_block be associated with a user namespace? > (Answer: probably, I think.) If so, what should the semantics be? > > There are also some remapping cases that aren't directly user > namespace-related. For example, I'd like to be able to insert > removable media and create files owned by uid 0 (or any other uid) > without actually being root. And there is the longer term question that may be more appropriate when we get all of the id problems settled, about what kind of testing, auditing, review we want in place before we believe an unprivileged mount is actually safe to perform, when we can assume hostile intent by the mounter. Eric -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
