Re: [patch 1/8] add user mounts to the kernel [message #18454 is a reply to message #18428]
Sun, 22 April 2007 07:02
Miklos Szeredi

> > The MNT_USER flag is not copied on any kind of mount cloning:
> > namespace creation, binding or propagation.
>
> I half agree, and as an initial approximation this works.
> Ultimately we should be at the point that for mount propagation
> that we copy the owner of the from the owner of our parent mount
> at the propagation destination.

Yes, that sounds the most sane.

Ram, what do you think?

> > + if (mnt->mnt_flags & MNT_USER)
> > + seq_printf(m, ",user=%i", mnt->mnt_uid);
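Review bot: `%i` in the seq_printf() call prints mnt_uid as a signed int, but the field is declared uid_t later in this patch and uid_t is unsigned; use ",user=%u" so that uids above INT_MAX are not shown as negative numbers in the mount options.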
> How about making the test "if (mnt->mnt_user != &root_user)"

We don't want to treat root_user special. That's what capabilities
were invented for.

> > Index: linux/include/linux/fs.h
> > ===================================================================
> > --- linux.orig/include/linux/fs.h 2007-04-20 11:55:02.000000000 +0200
> > +++ linux/include/linux/fs.h 2007-04-20 11:55:05.000000000 +0200
> > @@ -123,6 +123,7 @@ extern int dir_notify_enable;
> > #define MS_SLAVE (1<<19) /* change to slave */
> > #define MS_SHARED (1<<20) /* change to shared */
> > #define MS_RELATIME (1<<21) /* Update atime relative to mtime/ctime. */
> > +#define MS_SETUSER (1<<22) /* set mnt_uid to current user */
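Review bot: the comment on MS_SETUSER says "current user" without naming the credential (uid, euid or fsuid) that ends up in mnt_uid; since this is a new mount(2) flag visible to userspace, spell out which id is taken so callers that run with differing ids know what owner they will get.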
>
> If we unconditionally use the fsuid I think we can get away without
> this flag.

That could work if we wouldn't have to worry about breaking the user
interface. As it is, we cannot be sure that existing callers of
mount(2) don't have fsuid set to some random value.

> > #define MNT_SHRINKABLE 0x100
> > +#define MNT_USER 0x200
>
> If we assign a user to all mount points and root gets to own the
> initial set of mounts then we don't need the internal MNT_USER
> flag.

I think we do want to treat "owned" mounts special, rather than
treating user=0 mounts special.

> > +
> > + uid_t mnt_uid; /* owner of the mount */
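Review bot: the mnt_uid comment does not say when the field is valid; the show code earlier in this patch reads it only under MNT_USER, so document that it is meaningful only while that flag is set and what it holds otherwise (for example "owner of the mount, valid only if MNT_USER is set").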
>
> Can we please make this a user struct. That requires a bit of
> reference counting but it has uid namespace benefits as well
> as making it easy to implement per user mount rlimits.

OK, can you elaborate what the uid namespace benefits are?

Miklos
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers