Date: Wed, 9 Mar 2016 08:17:41 -0600
From: Seth Forshee <seth.forshee@...onical.com>
To: Miklos Szeredi <miklos@...redi.hu>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>,
	Alexander Viro <viro@...iv.linux.org.uk>,
	Serge Hallyn <serge.hallyn@...onical.com>,
	Richard Weinberger <richard.weinberger@...il.com>,
	Austin S Hemmelgarn <ahferroin7@...il.com>,
	linux-kernel@...r.kernel.org, linux-bcache@...r.kernel.org,
	dm-devel@...hat.com, linux-raid@...r.kernel.org,
	linux-mtd@...ts.infradead.org, linux-fsdevel@...r.kernel.org,
	fuse-devel@...ts.sourceforge.net,
	linux-security-module@...r.kernel.org, selinux@...ho.nsa.gov,
	Miklos Szeredi <mszeredi@...e.cz>
Subject: Re: [PATCH RESEND v2 15/18] fuse: Add support for pid namespaces

On Wed, Mar 09, 2016 at 11:53:17AM +0100, Miklos Szeredi wrote:
> On Mon, Jan 04, 2016 at 12:03:54PM -0600, Seth Forshee wrote:
> > If the userspace process servicing fuse requests is running in
> > a pid namespace then pids passed via the fuse fd need to be
> > translated relative to that namespace. Capture the pid namespace
> > in use when the filesystem is mounted and use this for pid
> > translation.
> >
> > Since no use case currently exists for changing namespaces all
> > translations are done relative to the pid namespace in use when
> > /dev/fuse is opened.
>
> The above doesn't match what the patch does.
>
>  - FUSE captures namespace at mount time
>
>  - CUSE captures namespace at /dev/cuse open

Possibly an earlier version of the patch worked that way and I forgot to
update the description after it changed. Anyway, I'll fix it.

> > Mounting or /dev/fuse IO from another
> > namespace will return errors.
> >
> > Requests from processes whose pid cannot be translated into the
> > target namespace are not permitted, except for requests
> > allocated via fuse_get_req_nofail_nopages. For no-fail requests
> > in.h.pid will be 0 if the pid translation fails.
> >
> > File locking changes based on previous work done by Eric
> > Biederman.
> >
> > Signed-off-by: Seth Forshee <seth.forshee@...onical.com>
> > Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
>
> Not sure how my SOB got on this patch, use this instead:
>
> Acked-by: Miklos Szeredi <mszeredi@...hat.com>

My memory is that you had sent a patch as a proposed alternative to one
of my earlier patches, and I squashed the two together and added your
SOB at that point. I'll change it.

Thanks,
Seth