| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240815-ehemaligen-duftstoffe-a5f2ab60ddc9@brauner> Date: Fri, 16 Aug 2024 10:01:52 +0200 From: Christian Brauner <brauner@...nel.org> To: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@...onical.com> Cc: mszeredi@...hat.com, stgraber@...raber.org, linux-fsdevel@...r.kernel.org, Seth Forshee <sforshee@...nel.org>, Miklos Szeredi <miklos@...redi.hu>, Vivek Goyal <vgoyal@...hat.com>, German Maglione <gmaglione@...hat.com>, Amir Goldstein <amir73il@...il.com>, Bernd Schubert <bschubert@....com>, linux-kernel@...r.kernel.org Subject: Re: [PATCH v3 00/11] fuse: basic support for idmapped mounts On Thu, Aug 15, 2024 at 11:24:17AM GMT, Alexander Mikhalitsyn wrote: > Dear friends, > > This patch series aimed to provide support for idmapped mounts > for fuse & virtiofs. We already have idmapped mounts support for almost all > widely-used filesystems: > * local (ext4, btrfs, xfs, fat, vfat, ntfs3, squashfs, f2fs, erofs, ZFS (out-of-tree)) > * network (ceph) > > Git tree (based on torvalds/master): > v3: https://github.com/mihalicyn/linux/commits/fuse_idmapped_mounts.v3 > current: https://github.com/mihalicyn/linux/commits/fuse_idmapped_mounts > > Changelog for version 3: > - introduce and use a new SB_I_NOIDMAP flag (suggested by Christian) > - add support for virtiofs (+user space virtiofsd conversion) > > Changelog for version 2: > - removed "fs/namespace: introduce fs_type->allow_idmap hook" and simplified logic > to return -EIO if a fuse daemon does not support idmapped mounts (suggested > by Christian Brauner) > - passed an "idmap" in more cases even when it's not necessary to simplify things (suggested > by Christian Brauner) > - take ->rename() RENAME_WHITEOUT into account and forbid it for idmapped mount case > > Links to previous versions: > v2: https://lore.kernel.org/linux-fsdevel/20240814114034.113953-1-aleksandr.mikhalitsyn@canonical.com > tree: https://github.com/mihalicyn/linux/commits/fuse_idmapped_mounts.v2 > v1: https://lore.kernel.org/all/20240108120824.122178-1-aleksandr.mikhalitsyn@canonical.com/#r > tree: https://github.com/mihalicyn/linux/commits/fuse_idmapped_mounts.v1 > > Having fuse (+virtiofs) supported looks like a good next step. At the same time > fuse conceptually close to the network filesystems and supporting it is > a quite challenging task. > > Let me briefly explain what was done in this series and which obstacles we have. > > With this series, you can use idmapped mounts with fuse if the following > conditions are met: > 1. The filesystem daemon declares idmap support (new FUSE_INIT response feature > flags FUSE_OWNER_UID_GID_EXT and FUSE_ALLOW_IDMAP) > 2. The filesystem superblock was mounted with the "default_permissions" parameter > 3. The filesystem fuse daemon does not perform any UID/GID-based checks internally > and fully trusts the kernel to do that (yes, it's almost the same as 2.) > > I have prepared a bunch of real-world examples of the user space modifications > that can be done to use this extension: > - libfuse support > https://github.com/mihalicyn/libfuse/commits/idmap_support > - fuse-overlayfs support: > https://github.com/mihalicyn/fuse-overlayfs/commits/idmap_support > - cephfs-fuse conversion example > https://github.com/mihalicyn/ceph/commits/fuse_idmap > - glusterfs conversion example (there is a conceptual issue) > https://github.com/mihalicyn/glusterfs/commits/fuse_idmap > - virtiofsd conversion example > https://gitlab.com/virtio-fs/virtiofsd/-/merge_requests/245 So I have no further comments on this and from my perspective this is: Reviewed-by: Christian Brauner <brauner@...nel.org> I would really like to see tests for this feature as this is available to unprivileged users.
Powered by blists - more mailing lists