| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 22 May 2015 16:23:55 +0200
From: Miklos Szeredi <miklos@...redi.hu>
To: alexey@...nosov.spb.ru
Cc: Seth Forshee <seth.forshee@...onical.com>,
Andy Lutomirski <luto@...capital.net>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Serge Hallyn <serge.hallyn@...ntu.com>,
fuse-devel <fuse-devel@...ts.sourceforge.net>,
Linux-Fsdevel <linux-fsdevel@...r.kernel.org>,
Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [fuse-devel] fuse_get_context() and namespaces
On Sat, May 2, 2015 at 5:56 PM, <alexey@...nosov.spb.ru> wrote:
>
> 3.10.0-229 form Scientific Linux and native 4.0.1-1 (from elrepo).
> SL 7.1 on the host and SL 6.6 on the LXC guest. At least in 3.10
> the 499dcf2024092e5cce41d05599a5b51d1f92031a is present.
> Steps to reproduce:
>
> On first console:
> [root@...test ~]# lxc-start -n test-2 /bin/su -
> [root@...t-2 ~]# diff -u hello.py /usr/share/doc/fuse-python-0.2.1/example/hello.py
> --- hello.py 2015-05-02 11:12:13.963093580 -0400
> +++ /usr/share/doc/fuse-python-0.2.1/example/hello.py 2010-04-14 18:29:21.000000000 -0400
> @@ -41,8 +41,6 @@
> class HelloFS(Fuse):
>
> def getattr(self, path):
> - dic = Fuse.GetContext(self)
> - print dic
> st = MyStat()
> if path == '/':
> st.st_mode = stat.S_IFDIR | 0755
> [root@...t-2 ~]# python hello.py -f /mnt/
>
> On second console:
> [root@...t-2 ~]# echo $$
> 41
> [root@...t-2 ~]# ls /mnt/
> hello
>
> Output of first console:
> {'gid': 0, 'pid': 12083, 'uid': 0}
Thanks.
Digging in mailbox... There was a thread last year about adding
support for running fuse daemon in a container:
http://thread.gmane.org/gmane.linux.kernel/1811658
Not sure what happened, but no updated patches have been posted or
maybe I just missed them.
Anyway... adding parties of that discussion to the Cc.
Thanks,
Miklos
>
>
> On Tue, Apr 14, 2015 at 10:23:50AM +0200, Miklos Szeredi wrote:
>> On Wed, Apr 1, 2015 at 5:55 PM, <alexey@...nosov.spb.ru> wrote:
>> >
>> > Nobody have a clue?
>> > Who is on FUSE support now?
>> >
>> > --
>> > Alexey Kurnosov
>> >
>> > On Tue, Mar 31, 2015 at 04:14:23AM +0300, alexey@...nosov.spb.ru wrote:
>> >>
>> >> Hi All.
>> >>
>> >> In my application there is a need to filter access by PID, so i use
>> >> fuse_get_context() (over python bindings actually). The problem come
>> >> when the application runs in a LXC container, and in a separate PID
>> >> namespace (https://lwn.net/Articles/531419/) as result. fuse_get_context()
>> >> returns a caller PID in a _host_'s namespace, not in a container. Not taking
>> >> apart the fact there is broken something in namespaces isolation, is this
>> >> a correct behavior? Shouldn't FUSE be namespaces aware? Is there a way to
>> >> get PIDs in a container's PID namespace? Maybe some workaround?
>>
>> Which kernel? There was a fix that went in v3.8:
>>
>> commit 499dcf2024092e5cce41d05599a5b51d1f92031a
>> Author: Eric W. Biederman <ebiederm@...ssion.com>
>> Date: Tue Feb 7 16:26:03 2012 -0800
>>
>> userns: Support fuse interacting with multiple user namespaces
>>
>>
>> Thanks,
>> Miklos
>
> --
> Alexey Kurnosov
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists