Re: [fuse-devel] fuse_get_context() and namespaces

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sat, May 2, 2015 at 5:56 PM,  <alexey@xxxxxxxxxxxxxxx> wrote:
>
> 3.10.0-229 form Scientific Linux and native 4.0.1-1 (from elrepo).
> SL 7.1 on the host and SL 6.6 on the LXC guest. At least in 3.10
> the 499dcf2024092e5cce41d05599a5b51d1f92031a is present.
> Steps to reproduce:
>
> On first console:
> [root@sl7test ~]# lxc-start  -n test-2 /bin/su -
> [root@test-2 ~]# diff -u  hello.py /usr/share/doc/fuse-python-0.2.1/example/hello.py
> --- hello.py    2015-05-02 11:12:13.963093580 -0400
> +++ /usr/share/doc/fuse-python-0.2.1/example/hello.py   2010-04-14 18:29:21.000000000 -0400
> @@ -41,8 +41,6 @@
>  class HelloFS(Fuse):
>
>      def getattr(self, path):
> -        dic = Fuse.GetContext(self)
> -        print dic
>          st = MyStat()
>          if path == '/':
>              st.st_mode = stat.S_IFDIR | 0755
> [root@test-2 ~]# python hello.py -f  /mnt/
>
> On second console:
> [root@test-2 ~]# echo $$
> 41
> [root@test-2 ~]# ls /mnt/
> hello
>
> Output of first console:
> {'gid': 0, 'pid': 12083, 'uid': 0}

Thanks.

Digging in mailbox...  There was a thread last year about adding
support for running fuse daemon in a container:

  http://thread.gmane.org/gmane.linux.kernel/1811658

Not sure what happened, but no updated patches have been posted or
maybe I just missed them.

Anyway... adding parties of that discussion to the Cc.

Thanks,
Miklos


>
>
> On Tue, Apr 14, 2015 at 10:23:50AM +0200, Miklos Szeredi wrote:
>> On Wed, Apr 1, 2015 at 5:55 PM,  <alexey@xxxxxxxxxxxxxxx> wrote:
>> >
>> > Nobody have a clue?
>> > Who is on FUSE support now?
>> >
>> > --
>> > Alexey Kurnosov
>> >
>> > On Tue, Mar 31, 2015 at 04:14:23AM +0300, alexey@xxxxxxxxxxxxxxx wrote:
>> >>
>> >> Hi All.
>> >>
>> >> In my application there is a need to filter access by PID, so i use
>> >> fuse_get_context() (over python bindings actually). The problem come
>> >> when the application runs in a LXC container, and in a separate PID
>> >> namespace (https://lwn.net/Articles/531419/) as result. fuse_get_context()
>> >> returns a caller PID in a _host_'s namespace, not in a container. Not taking
>> >> apart the fact there is broken something in namespaces isolation, is this
>> >> a correct behavior? Shouldn't FUSE be namespaces aware?  Is there a way to
>> >> get PIDs in a container's PID namespace? Maybe some workaround?
>>
>> Which kernel?  There was a fix that went in v3.8:
>>
>> commit 499dcf2024092e5cce41d05599a5b51d1f92031a
>> Author: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>
>> Date:   Tue Feb 7 16:26:03 2012 -0800
>>
>>     userns: Support fuse interacting with multiple user namespaces
>>
>>
>> Thanks,
>> Miklos
>
> --
> Alexey Kurnosov
--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]
  Powered by Linux