Re: [patch 1/8] add user mounts to the kernel [message #18451 is a reply to message #18407]
Sun, 22 April 2007 07:43
ebiederm
Miklos Szeredi <miklos@szeredi.hu> writes:
>> > The MNT_USER flag is not copied on any kind of mount cloning:
>> > namespace creation, binding or propagation.
>>
>> I half agree, and as an initial approximation this works.
>> Ultimately we should be at the point that for mount propagation
>> that we copy the owner from the owner of our parent mount
>> at the propagation destination.
>
> Yes, that sounds the most sane.
>
> Ram, what do you think?
>
>> > + if (mnt->mnt_flags & MNT_USER)
>> > + seq_printf(m, ",user=%i", mnt->mnt_uid);
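Review bot: the %i conversion in the seq_printf() call formats mnt->mnt_uid as a signed int, but the field is declared uid_t elsewhere in this patch, so a uid above INT_MAX would be printed as a negative number in the mount listing. Suggest %u to match the unsigned type.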
>> How about making the test "if (mnt->mnt_user != &root_user)"
>
> We don't want to treat root_user special. That's what capabilities
> were invented for.

For the print statement? Whatever, it is minor.
>> > Index: linux/include/linux/fs.h
>> > ===================================================================
>> > --- linux.orig/include/linux/fs.h 2007-04-20 11:55:02.000000000 +0200
>> > +++ linux/include/linux/fs.h 2007-04-20 11:55:05.000000000 +0200
>> > @@ -123,6 +123,7 @@ extern int dir_notify_enable;
>> > #define MS_SLAVE (1<<19) /* change to slave */
>> > #define MS_SHARED (1<<20) /* change to shared */
>> > #define MS_RELATIME (1<<21) /* Update atime relative to mtime/ctime. */
>> > +#define MS_SETUSER (1<<22) /* set mnt_uid to current user */
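Review bot: the comment on the new MS_SETUSER line says "current user" without naming which credential ends up in mnt_uid. Since the choice between fsuid and the other ids is exactly what callers of mount(2) need to know, the comment should name the id the code actually stores rather than "current user".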
>>
>> If we unconditionally use the fsuid I think we can get away without
>> this flag.
>
> That could work if we wouldn't have to worry about breaking the user
> interface. As it is, we cannot be sure, that existing callers of
> mount(2) don't have fsuid set to some random value.

If we can get away without an extra flag it would really be
preferable.

In the container case we have an interesting and very common
scenario struct user *our_user != &root_user. our_user->uid == 0.
I.e. the root in what is the container but not the root
of the entire system.

So I want to minimize the changes needed to existing programs.

Now if all we have to do is specify MS_SETUSER when root a
user with CAP_SETUID is setting up a mount as a user other
than himself then I don't much care. If we have to call MS_SETUSER
as unprivileged users I will have to modify mount binaries to work
differently inside and outside of containers.

Further there is only one or two versions of mount in widespread
use on linux, and unless you do something special fsuid == euid.
So the chance of fsuid set to some random value is pretty low.

So yes I think we can be 99.9% certain that existing callers of
mount(2) don't have fsuid set to some random value just by
inspecting the code of mount(1).
>> > #define MNT_SHRINKABLE 0x100
>> > +#define MNT_USER 0x200
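Review bot: MNT_USER is defined without a comment, and the property the patch description gives it (not copied on namespace creation, binding or propagation) is invisible at the definition. A one-line comment here saying the flag marks an owned mount and is dropped on cloning would keep later clone paths from copying it by accident.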
>>
>> If we assign a user to all mount points and root gets to own the
>> initial set of mounts then we don't need the internal MNT_USER
>> flag.
>
> I think we do want to treat "owned" mounts special, rather than
> treating user=0 mounts special.

I don't think we should treat any mount special and all mounts
should be owned.
>> > +
>> > + uid_t mnt_uid; /* owner of the mount */
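Review bot: the comment on mnt_uid should say that the field is only meaningful when MNT_USER is set, since the show path in this patch tests the flag before printing it. Without that, a reader of the struct cannot tell an unset mnt_uid from a mount that really is owned by that uid.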
>>
>> Can we please make this a user struct. That requires a bit of
>> reference counting but it has uid namespace benefits as well
>> as making it easy to implement per user mount rlimits.
>
> OK, can you elaborate, what the uid namespace benefits are?

In the uid namespace the comparison is simpler as are the propagation
rules. Basically if you use a struct user you will never need to
care about a uid namespace. If you don't we will have to tear through
this code another time.

Plus like I was mentioning earlier. If we do have a struct user there
implementing per user mount rlimits becomes trivial.

Eric
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
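The thread's argument about dropping the flag rests on fsuid matching euid in existing mount(2) callers. As an added example (not code from the patch or from anyone in the thread), this C program checks that for a process by parsing the "Uid:" line of /proc/<pid>/status, whose four fields are the real, effective, saved and filesystem UIDs; the function names and the sample text are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a helper that called setfsuid(1000) while euid stayed 0. */
static const char SAMPLE_DIVERGED[] =
    "Name:\thelper\nUid:\t0\t0\t0\t1000\nGid:\t0\t0\t0\t0\n";

/* IDs on the "Uid:" line of /proc/<pid>/status, in the kernel's order. */
struct uid_set { unsigned int ruid, euid, suid, fsuid; };

/* Find and parse the "Uid:" line; 0 on success, -1 if absent or malformed. */
int parse_uid_line(const char *status, struct uid_set *out)
{
    const char *p = status;
    while (p && *p) {
        if (strncmp(p, "Uid:", 4) == 0)
            return sscanf(p + 4, "%u %u %u %u", &out->ruid, &out->euid,
                          &out->suid, &out->fsuid) == 4 ? 0 : -1;
        p = strchr(p, '\n');   /* advance to the start of the next line */
        if (p) p++;
    }
    return -1;
}

/* 1 if fsuid == euid, 0 if they have diverged, -1 on parse error. */
int fsuid_follows_euid(const char *status)
{
    struct uid_set u;
    if (parse_uid_line(status, &u) != 0) return -1;
    return u.fsuid == u.euid;
}

/* Apply the same check to the running process via /proc/self/status. */
int self_fsuid_follows_euid(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return fsuid_follows_euid(buf);
}

int main(void)
{
    printf("self: %d\n", self_fsuid_follows_euid());
    printf("constructed sample: %d\n", fsuid_follows_euid(SAMPLE_DIVERGED));
    return 0;
}
```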