+ ebiederm and nfsd folks

On Wed, Oct 23, 2019 at 11:08 AM Miklos Szeredi <miklos@xxxxxxxxxx> wrote:
>
> On Tue, Oct 22, 2019 at 10:46 PM Mark Salyzyn <salyzyn@xxxxxxxxxxx> wrote:
> >
> > Assumption never checked, should fail if the mounter creds are not
> > sufficient.
>
> A bit more explanation would be nice. Like a pointer to the explanation
> given in the open_by_handle_at(2) code where this check was presumably
> taken from.
>

Well, it's not that simple (TM).

If you are considering unprivileged overlay mounts, then this should be
an ns_capable() check, even though open_by_handle_at(2) does not currently
allow userspace nfsd to decode file handles.

Unlike open_by_handle_at(2), overlayfs (currently) never exposes file
data via decoded origin fh. AFAIK, it only exposes the origin st_ino,
st_dev and some nlink-related accounting.

I have been trying to understand from code if nfsd exports are allowed
from non-privileged containers and couldn't figure it out (?).

If a non-privileged container is allowed to export a nosubtreecheck export,
then non-privileged container root can already decode file handles...

Thanks,
Amir.