lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20141103171515.GB7554@ubuntu-hedt>
Date:	Mon, 3 Nov 2014 11:15:15 -0600
From:	Seth Forshee <seth.forshee@...onical.com>
To:	Miklos Szeredi <miklos@...redi.hu>,
	"Eric W. Biederman" <ebiederm@...ssion.com>
Cc:	"Serge H. Hallyn" <serge.hallyn@...ntu.com>,
	Andy Lutomirski <luto@...capital.net>,
	Michael j Theall <mtheall@...ibm.com>,
	fuse-devel@...ts.sourceforge.net, linux-kernel@...r.kernel.org,
	linux-fsdevel@...r.kernel.org
Subject: Re: [PATCH v5 0/4] fuse: Add support for mounts from pid/user
 namespaces

On Wed, Oct 22, 2014 at 04:24:16PM -0500, Seth Forshee wrote:
> Here's another update to the patches to enable userns mounts in fuse.
> The changes this time around center on xattrs and allow_other. I'm
> considering the following patch to be a prerequisite for this series:
> 
> http://lkml.kernel.org/g/252a4d87d99fc2b5fe4411c838f65b312c4e13cd.1413330857.git.luto@amacapital.net
> 
> With this patch I'm dropping the xattr restrictions from the v4 patches.
> This leaves the situation with xattrs unchanged in init_user_ns. A fuse
> userns mount could still supply xattrs which the user would normally be
> unable to set, but since the mount will be inaccessible outside of that
> userns or its descendants those xattrs will never be seen by the host.
> 
> I'm also in agreement with Andy that some decision regarding this patch
> should be made before merging the fuse userns support as well:
> 
> http://lkml.kernel.org/g/2686c32f00b14148379e8cfee9c028c794d4aa1a.1407974494.git.luto@amacapital.net
> 
> Changes since v4:
>  - Drop patch to restrict xattrs
>  - Update allow_other to restrict based on userns of current rather than
>    uid/gid

Miklos, Eric - Any feedback from either of you on these patches?

Thanks,
Seth
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ