On Tue, Oct 27, 2015 at 10:39:51PM +0100, Andreas Gruenbacher wrote:
> On Tue, Oct 27, 2015 at 9:18 PM, Dave Chinner <david@xxxxxxxxxxxxx> wrote:
> > Further, user namespaces are irrelevant here - you can't run
> > xfsdump/restore outside the init_ns. xfsdump requires access to the
> > handle interface, which is unsafe to use inside a user ns because it
> > allows complete access to any inode in the filesystem without
> > limitations. xfs_restore requires unfettered access to directly
> > manipulate the uid/gid/security attrs of inodes, which once again is
> > something that isn't allowed inside user namespaces.
> >
> > Setting Posix acls by directly poking the on-disk attr format rather
> > than going through the proper kernel ACL namespace is not a *general
> > purpose user interface*. This exists for backup/restore utilities to
> > do things like restore ACLs and security labels simply by treating
> > them as opaque xattrs. If a user sets ACLs using this low level
> > "opaque xattr" method, then they get to keep all the broken bits to
> > themselves.
>
> Any process capable of CAP_SYS_ADMIN can getxattr and setxattr those

CAP_SYS_ADMIN = enough rope to hang yourself.

Cheers,

Dave.
--
Dave Chinner
david@xxxxxxxxxxxxx

_______________________________________________
xfs mailing list
xfs@xxxxxxxxxxx
http://oss.sgi.com/mailman/listinfo/xfs
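The "opaque xattr" path Dave describes means a backup tool writes the filesystem's own ACL blob straight into an xattr, and nothing in the kernel's ACL code looks at it on the way in. The example below is added here and is not code from the thread, from xfsdump/xfsrestore or from the XFS tree: it encodes and decodes a blob in the XFS on-disk ACL layout (a big-endian entry count followed by 16-byte entries of tag, id, perm, pad, as declared in the XFS headers; that layout and the xattr name "trusted.SGI_ACL_FILE" used by the optional write in main() are my assumptions, not something the thread states) and then runs the ordering check the kernel's ACL interface applies to an ACL that arrives through setfacl/acl_set_file. The point it makes concrete is that a raw trusted.* write by a CAP_SYS_ADMIN process bypasses exactly that check, so a misordered or mask-less ACL lands on disk unvalidated.

```c
/* Added example (not from the thread or from xfsprogs): XFS on-disk ACL blob
 * encode/decode plus the posix_acl_valid-style ordering check that a raw
 * xattr write skips. Layout and xattr name below are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>   /* htonl/ntohl, htons/ntohs for the big-endian fields */
#include <sys/xattr.h>   /* setxattr(), only used by the optional write in main() */

/* POSIX ACL tag values; the XFS on-disk format uses the same numbers. */
enum { ACL_USER_OBJ = 0x01, ACL_USER = 0x02, ACL_GROUP_OBJ = 0x04,
       ACL_GROUP = 0x08, ACL_MASK = 0x10, ACL_OTHER = 0x20 };

struct acl_entry { uint32_t tag; uint32_t id; uint16_t perm; };

/* Assumed on-disk layout: __be32 acl_cnt, then per entry
 * __be32 ae_tag, __be32 ae_id, __be16 ae_perm, __be16 ae_pad. */
#define XFS_ACL_ENTRY_SIZE 16

/* Serialise n entries into buf. Returns bytes written, or -1 if buf is too small. */
int xfs_acl_encode(const struct acl_entry *e, size_t n, uint8_t *buf, size_t buflen)
{
    size_t need = 4 + n * XFS_ACL_ENTRY_SIZE;
    if (buflen < need) return -1;
    uint32_t cnt = htonl((uint32_t)n);
    memcpy(buf, &cnt, 4);
    for (size_t i = 0; i < n; i++) {
        uint8_t *p = buf + 4 + i * XFS_ACL_ENTRY_SIZE;
        uint32_t tag = htonl(e[i].tag), id = htonl(e[i].id);
        uint16_t perm = htons(e[i].perm), pad = 0;
        memcpy(p, &tag, 4); memcpy(p + 4, &id, 4);
        memcpy(p + 8, &perm, 2); memcpy(p + 10, &pad, 2);
    }
    return (int)need;
}

/* Parse a blob into out (at most max entries). Returns the entry count, or -1
 * when the declared count does not match the blob length or exceeds max. */
int xfs_acl_decode(const uint8_t *buf, size_t len, struct acl_entry *out, size_t max)
{
    if (len < 4) return -1;
    uint32_t cnt; memcpy(&cnt, buf, 4); cnt = ntohl(cnt);
    if (cnt > max || len != 4 + (size_t)cnt * XFS_ACL_ENTRY_SIZE) return -1;
    for (uint32_t i = 0; i < cnt; i++) {
        const uint8_t *p = buf + 4 + i * XFS_ACL_ENTRY_SIZE;
        uint32_t tag, id; uint16_t perm;
        memcpy(&tag, p, 4); memcpy(&id, p + 4, 4); memcpy(&perm, p + 8, 2);
        out[i].tag = ntohl(tag); out[i].id = ntohl(id); out[i].perm = ntohs(perm);
    }
    return (int)cnt;
}

/* Structural check mirroring what the kernel enforces for ACLs set through
 * the ACL interface: USER_OBJ, USER*, GROUP_OBJ, GROUP*, MASK (required iff
 * named entries exist), OTHER; perms limited to rwx. Returns 1 if valid.
 * A raw write to the trusted.* xattr never reaches this check. */
int posix_acl_entries_valid(const struct acl_entry *e, size_t n)
{
    int state = ACL_USER_OBJ, needs_mask = 0;
    for (size_t i = 0; i < n; i++) {
        if (e[i].perm & ~0x7u) return 0;
        switch (e[i].tag) {
        case ACL_USER_OBJ:  if (state != ACL_USER_OBJ) return 0; state = ACL_USER; break;
        case ACL_USER:      if (state != ACL_USER) return 0; needs_mask = 1; break;
        case ACL_GROUP_OBJ: if (state != ACL_USER) return 0; state = ACL_GROUP; break;
        case ACL_GROUP:     if (state != ACL_GROUP) return 0; needs_mask = 1; break;
        case ACL_MASK:      if (state != ACL_GROUP) return 0; state = ACL_OTHER; break;
        case ACL_OTHER:
            if (state == ACL_OTHER || (state == ACL_GROUP && !needs_mask)) { state = 0; break; }
            return 0;
        default: return 0;
        }
    }
    return state == 0;
}

/* Constructed sample: u::rw-,u:1000:r--,g::r--,m::r--,o::--- */
const struct acl_entry sample_acl[5] = {
    { ACL_USER_OBJ, 0, 6 }, { ACL_USER, 1000, 4 }, { ACL_GROUP_OBJ, 0, 4 },
    { ACL_MASK, 0, 4 }, { ACL_OTHER, 0, 0 } };

/* Same entries with MASK and OTHER swapped: rejected by the ACL interface,
 * accepted verbatim by a raw xattr write. */
const struct acl_entry misordered_acl[5] = {
    { ACL_USER_OBJ, 0, 6 }, { ACL_USER, 1000, 4 }, { ACL_GROUP_OBJ, 0, 4 },
    { ACL_OTHER, 0, 0 }, { ACL_MASK, 0, 4 } };

int main(int argc, char **argv)
{
    uint8_t blob[4 + 5 * XFS_ACL_ENTRY_SIZE];
    int len = xfs_acl_encode(misordered_acl, 5, blob, sizeof blob);
    printf("misordered ACL passes kernel-style check: %d\n",
           posix_acl_entries_valid(misordered_acl, 5));
    /* Optional: with a path argument, write the blob the way a restore tool
     * would (needs CAP_SYS_ADMIN for trusted.*; xattr name is an assumption). */
    if (argc > 1 && setxattr(argv[1], "trusted.SGI_ACL_FILE", blob, (size_t)len, 0) != 0)
        perror("setxattr");
    return 0;
}
```

Run without arguments it only encodes and reports the validity check; given a path on an XFS filesystem it attempts the raw write, which is precisely the "enough rope" operation the thread is about, so try it only on a scratch filesystem.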