From: Seth Forshee <seth.forshee@canonical.com>
To: Octavian Purdila <octavian.purdila@intel.com>
Cc: Richard Weinberger <richard@nod.at>,
Al Viro <viro@zeniv.linux.org.uk>,
"Eric W. Biederman" <ebiederm@xmission.com>,
linux-bcache@vger.kernel.org,
device-mapper development <dm-devel@redhat.com>,
"linux-raid@vger.kernel.org" <linux-raid@vger.kernel.org>,
"linux-mtd@lists.infradead.org" <linux-mtd@lists.infradead.org>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
LSM <linux-security-module@vger.kernel.org>,
selinux@tycho.nsa.gov, Serge Hallyn <serge.hallyn@canonical.com>,
Andy Lutomirski <luto@amacapital.net>,
LKML <linux-kernel@vger.kernel.org>,
Theodore Ts'o <tytso@mit.edu>
Subject: Re: [PATCH v3 0/7] User namespace mount updates
Date: Thu, 19 Nov 2015 10:31:34 -0600 [thread overview]
Message-ID: <20151119163134.GB45540@ubuntu-hedt> (raw)
In-Reply-To: <CAE1zot+G=SohXzuV6Gs7APdCo5pu9xLwE38kZKNUuWRnSh++BA@mail.gmail.com>
On Thu, Nov 19, 2015 at 06:19:10PM +0200, Octavian Purdila wrote:
> On Thu, Nov 19, 2015 at 5:23 PM, Seth Forshee
> <seth.forshee@canonical.com> wrote:
> > On Wed, Nov 18, 2015 at 12:00:17AM +0200, Octavian Purdila wrote:
> >> On Tue, Nov 17, 2015 at 10:12 PM, Richard Weinberger <richard@nod.at> wrote:
> >> > Am 17.11.2015 um 20:25 schrieb Octavian Purdila:
> >> >> On Tue, Nov 17, 2015 at 9:21 PM, Seth Forshee
> >> >> <seth.forshee@canonical.com> wrote:
> >> >>>
> >> >>> On Tue, Nov 17, 2015 at 08:12:31PM +0100, Richard Weinberger wrote:
> >> >>>> On Tue, Nov 17, 2015 at 7:34 PM, Seth Forshee
> >> >>>> <seth.forshee@canonical.com> wrote:
> >> >>>>> On Tue, Nov 17, 2015 at 05:55:06PM +0000, Al Viro wrote:
> >> >>>>>> On Tue, Nov 17, 2015 at 11:25:51AM -0600, Seth Forshee wrote:
> >> >>>>>>
> >> >>>>>>> Shortly after that I plan to follow with support for ext4. I've been
> >> >>>>>>> fuzzing ext4 for a while now and it has held up well, and I'm currently
> >> >>>>>>> working on hand-crafted attacks. Ted has commented privately (to others,
> >> >>>>>>> not to me personally) that he will fix bugs for such attacks, though I
> >> >>>>>>> haven't seen any public comments to that effect.
> >> >>>>>>
> >> >>>>>> _Static_ attacks, or change-image-under-mounted-fs attacks?
> >> >>>>>
> >> >>>>> Right now only static attacks, change-image-under-mounted-fs attacks
> >> >>>>> will be next.
> >> >>>>
> >> >>>> Do we *really* need to enable unprivileged mounting of kernel filesystems?
> >> >>>> What about just enabling fuse and implement ext4 and friends as fuse
> >> >>>> filesystems?
> >> >>>> Using the approaching Linux Kernel Libary[1] this is easy.
> >> >>>
> >> >>> I haven't looked at this project, but I'm guessing that programs must be
> >> >>> written specifically to make use of it? I.e. you can't just use the
> >> >>> mount syscall, and thus all existing software still doesn't work?
> >> >>>
> >> >>
> >> >> The projects includes a lklfuse program that uses fuse to mount a
> >> >> fileystem image.
> >> >
> >> > Cool. I gave it a try.
> >> > It seems to work fine, but only if I run it in foreground (using -d)
> >> > otherwise fuse blocks every filesystem request.
> >> >
> >>
> >> Now it should work in the background as well, thanks for reporting the issue.
> >
>
> Hi Seth,
>
> > I'm playing with lklfuse now, it's surprisingly easy to get up and
> > running. I did have a few problems though that I thought you'd like to
> > know about.
> >
>
> Great, thanks for giving it a try and reporting the issues.
No problem, looks like a promising project.
> > Unfortunately I still can't run it in background mode, I get a segfault.
>
> I got it to reproduce as well now. Not sure why how it worked before,
> probably a race condition between lkl initialization and fuse calls.
>
> > It's working fine on light workloads, but I'm having issues when I start
> > trying to stress it. In a couple runs of the stress-ng filesystem
> > stressors I saw both stress-ng and lklfuse get stuck in uninterruptible
> > sleep during the first run, and during the second I got some OOM errors
> > in lklfuse followed by I/O errors and eventually a journal error that
> > cause the filesystem to go read-only.
> >
> > The command I used for the first run was:
> >
> > stress-ng --class filesystem --all 0
> >
>
> I will reproduce it and take a look.
>
> > And for the second:
> >
> > stress-ng --class filesystem --seq 0 -v -t 60
> >
> > There really wasn't anything interesting in the lklfuse output for the
> > first run, but for the second run I pasted the output here:
> > http://paste.ubuntu.com/13346993/
>
> lklfuse allocates a fixed 100MB to the kernel and this is probably not
> enough. For the short term I can add a parameter to lklfuse that
> allows the user to specify the amount of memory to allocate to lkl. A
> better fix would probably be to dynamically adjust the memory size of
> lkl. I am thinking of using the ballon virtio driver or the memory
> hotplug infrastructure. Any other suggestions?
>
> I created a couple of issues in github [1] that you can track if you
> want - I want to avoid spamming the list with reporting progress on
> them.
Makes sense, I'm watching those issues now and will direct any furure
discussion there. Thanks!
next prev parent reply other threads:[~2015-11-19 16:31 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-17 16:39 [PATCH v3 0/7] User namespace mount updates Seth Forshee
2015-11-17 16:39 ` [PATCH v3 1/7] block_dev: Support checking inode permissions in lookup_bdev() Seth Forshee
2015-11-17 16:39 ` [PATCH v3 2/7] block_dev: Check permissions towards block device inode when mounting Seth Forshee
2015-11-17 16:39 ` [PATCH v3 3/7] mtd: Check permissions towards mtd " Seth Forshee
2015-11-17 16:39 ` [PATCH v3 4/7] fs: Treat foreign mounts as nosuid Seth Forshee
2015-11-18 0:00 ` James Morris
2015-11-17 16:39 ` [PATCH v3 5/7] selinux: Add support for unprivileged mounts from user namespaces Seth Forshee
2015-11-18 0:02 ` James Morris
2015-11-17 16:39 ` [PATCH v3 6/7] userns: Replace in_userns with current_in_userns Seth Forshee
2015-11-18 0:03 ` James Morris
2015-11-17 16:39 ` [PATCH v3 7/7] Smack: Handle labels consistently in untrusted mounts Seth Forshee
2015-11-17 18:24 ` Casey Schaufler
2015-11-17 18:24 ` Casey Schaufler
2015-11-18 0:12 ` James Morris
2015-11-18 0:50 ` Seth Forshee
2015-11-17 17:05 ` [PATCH v3 0/7] User namespace mount updates Al Viro
2015-11-17 17:25 ` Seth Forshee
2015-11-17 17:45 ` Serge E. Hallyn
2015-11-17 17:55 ` Al Viro
2015-11-17 18:34 ` Seth Forshee
2015-11-17 19:12 ` Richard Weinberger
2015-11-17 19:21 ` Seth Forshee
2015-11-17 19:25 ` Octavian Purdila
2015-11-17 20:12 ` Richard Weinberger
2015-11-17 22:00 ` Octavian Purdila
2015-11-19 15:23 ` Seth Forshee
2015-11-19 16:19 ` Octavian Purdila
2015-11-19 16:31 ` Seth Forshee [this message]
2015-11-20 17:33 ` Serge E. Hallyn
2015-11-17 19:26 ` Richard Weinberger
2015-11-18 19:10 ` Theodore Ts'o
2015-11-18 19:28 ` Seth Forshee
2015-11-18 19:32 ` Serge Hallyn
2015-11-17 19:02 ` Austin S Hemmelgarn
2015-11-17 19:16 ` Seth Forshee
2015-11-17 19:16 ` Seth Forshee
2015-11-17 20:54 ` Austin S Hemmelgarn
2015-11-17 21:32 ` Seth Forshee
2015-11-18 12:23 ` Austin S Hemmelgarn
2015-11-18 14:22 ` Seth Forshee
2015-11-18 14:58 ` Al Viro
2015-11-18 15:05 ` Seth Forshee
2015-11-18 15:05 ` Seth Forshee
2015-11-18 15:13 ` Al Viro
2015-11-18 15:19 ` Richard Weinberger
2015-11-19 7:47 ` James Morris
2015-11-19 7:53 ` Richard Weinberger
2015-11-19 14:21 ` Serge E. Hallyn
2015-11-19 15:04 ` Richard Weinberger
2015-11-19 14:37 ` Colin Walters
2015-11-19 14:49 ` Richard Weinberger
2015-11-19 15:17 ` Richard W.M. Jones
2015-11-19 14:58 ` Serge E. Hallyn
2015-11-18 15:34 ` Austin S Hemmelgarn
2015-11-18 15:36 ` Nikolay Borisov
2015-11-17 19:30 ` Al Viro
2015-11-17 20:39 ` Austin S Hemmelgarn
2015-11-17 21:05 ` Al Viro
2015-11-17 22:01 ` Seth Forshee
2015-11-18 12:46 ` Austin S Hemmelgarn
2015-11-18 14:30 ` Seth Forshee
2015-11-18 15:38 ` Austin S Hemmelgarn
[not found] ` <564C9B92.5080107-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
2015-11-18 18:33 ` Daniel J Walsh
2015-11-18 18:33 ` Daniel J Walsh
2015-11-18 18:33 ` Daniel J Walsh
2015-11-18 18:44 ` J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151119163134.GB45540@ubuntu-hedt \
--to=seth.forshee@canonical.com \
--cc=dm-devel@redhat.com \
--cc=ebiederm@xmission.com \
--cc=linux-bcache@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mtd@lists.infradead.org \
--cc=linux-raid@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=octavian.purdila@intel.com \
--cc=richard@nod.at \
--cc=selinux@tycho.nsa.gov \
--cc=serge.hallyn@canonical.com \
--cc=tytso@mit.edu \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.