Ah, thanks!

On Sun, Jan 1, 2017 at 2:51 AM, Amir Goldstein <amir73il@xxxxxxxxx> wrote:
> On Sat, Dec 31, 2016 at 7:42 PM, Linas Vepstas <linasvepstas@xxxxxxxxx> wrote:
>> I tripped across an LXC bug that actually appears to be an overlayfs ...
>> the situation is confusing.
>>
>
> The foundations for mount from unprivileged user namespace were merged
> to kernel v4.8, you can read more about it in Eric's pull request:
> https://lkml.org/lkml/2016/7/26/297
>
> Seth Forshee was working on these vfs changes to allow fuse mount in
> unprivileged user namespace:
> https://lwn.net/Articles/685239/
>
> Not sure about the status of the work on fuse mount?
>>
>> Any advice on how to proceed?
>
> Not sure what you want to achieve?

I wanted to understand why things half-work, and figure out where to
report a bug, if that's what needed to be done. But based on what you
wrote, I conclude that it's "work in progress", and from a user
perspective, I can kick back and wait.

I guess some LXC wiki somewhere should be updated to state that
user-space containers require kernel version xyz or patch pqr.

It's somehow ironic that the push for user-space mounts and containers
comes from this general fuzzy sensation that they are somehow "safer",
yet the changes to enable this provide a new attack surface for
privilege escalation. Funny world we live in. :-)

Happy New Year!

--linas