From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id BA1C8C46464 for ; Sat, 11 Aug 2018 01:32:27 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7264E22429 for ; Sat, 11 Aug 2018 01:32:27 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7264E22429 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=xmission.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726747AbeHKEEp (ORCPT ); Sat, 11 Aug 2018 00:04:45 -0400 Received: from out01.mta.xmission.com ([166.70.13.231]:59717 "EHLO out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725199AbeHKEEp (ORCPT ); Sat, 11 Aug 2018 00:04:45 -0400 Received: from in01.mta.xmission.com ([166.70.13.51]) by out01.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1foIlS-0004RL-5c; Fri, 10 Aug 2018 19:32:22 -0600 Received: from [97.119.167.31] (helo=x220.xmission.com) by in01.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.87) (envelope-from ) id 1foIlQ-00025T-Mm; Fri, 10 Aug 2018 19:32:21 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: "Darrick J. Wong" Cc: "Theodore Y. Ts'o" , Andy Lutomirski , David Howells , Al Viro , John Johansen , Tejun Heo , SELinux-NSA , Paul Moore , Li Zefan , Linux API , apparmor@lists.ubuntu.com, Casey Schaufler , Fenghua Yu , Greg Kroah-Hartman , Eric Biggers , LSM List , Tetsuo Handa , Johannes Weiner , Stephen Smalley , tomoyo-dev-en@lists.sourceforge.jp, "open list\:CONTROL GROUP \(CGROUP\)" , Linus Torvalds , Linux FS Devel , LKML , Miklos Szeredi References: <20180810153902.GH21087@thunk.org> <87d0uqpba5.fsf@xmission.com> <153313703562.13253.5766498657900728120.stgit@warthog.procyon.org.uk> <22361.1533913891@warthog.procyon.org.uk> <28045.1533916438@warthog.procyon.org.uk> <20180810161400.GA627@thunk.org> <20180810204639.GI627@thunk.org> <20180810221234.GC4211@magnolia> <20180810235447.GK627@thunk.org> <20180811003852.GA10463@magnolia> Date: Fri, 10 Aug 2018 20:32:04 -0500 In-Reply-To: <20180811003852.GA10463@magnolia> (Darrick J. Wong's message of "Fri, 10 Aug 2018 17:38:52 -0700") Message-ID: <87zhxtg02z.fsf@xmission.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1foIlQ-00025T-Mm;;;mid=<87zhxtg02z.fsf@xmission.com>;;;hst=in01.mta.xmission.com;;;ip=97.119.167.31;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19wpjpXAcK0hVjLBP3Ytr6c51gH4N7KUKo= X-SA-Exim-Connect-IP: 97.119.167.31 X-SA-Exim-Mail-From: ebiederm@xmission.com Subject: Re: BUG: Mount ignores mount options X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in01.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org "Darrick J. Wong" writes: > On Fri, Aug 10, 2018 at 07:54:47PM -0400, Theodore Y. Ts'o wrote: >> The reason why I bring this up here is that in container land, there >> are those who believe that "container root" should be able to mount >> file systems, and if the "container root" isn't trusted, the fact that >> the "container root" can crash the host kernel, or worse, corrupt the >> host kernel and break out of the container as a result, that would be >> sad. >> >> I was pretty sure most file system developers are on the same page >> that allowing untrusted "container roots" the ability to mount >> arbitrary block device file systems is insanity. > > Agreed. For me I am happy with fuse. That is sufficient to cover any container use cases people have. If anyone comes bugging you for more I will be happy to push back. The only thing that containers have to do with this is I wind up touching a lot of the kernel/user boundary so I get to see a lot of it and sometimes see weird things. Eric From mboxrd@z Thu Jan 1 00:00:00 1970 From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman) Subject: Re: BUG: Mount ignores mount options Date: Fri, 10 Aug 2018 20:32:04 -0500 Message-ID: <87zhxtg02z.fsf@xmission.com> References: <20180810153902.GH21087@thunk.org> <87d0uqpba5.fsf@xmission.com> <153313703562.13253.5766498657900728120.stgit@warthog.procyon.org.uk> <22361.1533913891@warthog.procyon.org.uk> <28045.1533916438@warthog.procyon.org.uk> <20180810161400.GA627@thunk.org> <20180810204639.GI627@thunk.org> <20180810221234.GC4211@magnolia> <20180810235447.GK627@thunk.org> <20180811003852.GA10463@magnolia> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Return-path: In-Reply-To: <20180811003852.GA10463@magnolia> (Darrick J. Wong's message of "Fri, 10 Aug 2018 17:38:52 -0700") List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: apparmor-bounces-nLRlyDuq1AZFpShjVBNYrg@public.gmane.org Sender: "AppArmor" To: "Darrick J. Wong" Cc: Eric Biggers , Tetsuo Handa , LKML , David Howells , SELinux-NSA , tomoyo-dev-en-5NWGOfrQmneRv+LV9MX5uooqe+aC9MnS@public.gmane.org, Paul Moore , Miklos Szeredi , Stephen Smalley , Fenghua Yu , apparmor-nLRlyDuq1AZFpShjVBNYrg@public.gmane.org, Tejun Heo , Al Viro , Andy Lutomirski , "open list:CONTROL GROUP (CGROUP)" , "Theodore Y. Ts'o" , Linux API , Greg Kroah-Hartman , LSM List , Li Zefan , Johannes Weiner , Linux FS Devel , Linus Torvalds List-Id: linux-api@vger.kernel.org IkRhcnJpY2sgSi4gV29uZyIgPGRhcnJpY2sud29uZ0BvcmFjbGUuY29tPiB3cml0ZXM6Cgo+IE9u IEZyaSwgQXVnIDEwLCAyMDE4IGF0IDA3OjU0OjQ3UE0gLTA0MDAsIFRoZW9kb3JlIFkuIFRzJ28g d3JvdGU6Cgo+PiBUaGUgcmVhc29uIHdoeSBJIGJyaW5nIHRoaXMgdXAgaGVyZSBpcyB0aGF0IGlu IGNvbnRhaW5lciBsYW5kLCB0aGVyZQo+PiBhcmUgdGhvc2Ugd2hvIGJlbGlldmUgdGhhdCAiY29u dGFpbmVyIHJvb3QiIHNob3VsZCBiZSBhYmxlIHRvIG1vdW50Cj4+IGZpbGUgc3lzdGVtcywgYW5k IGlmIHRoZSAiY29udGFpbmVyIHJvb3QiIGlzbid0IHRydXN0ZWQsIHRoZSBmYWN0IHRoYXQKPj4g dGhlICJjb250YWluZXIgcm9vdCIgY2FuIGNyYXNoIHRoZSBob3N0IGtlcm5lbCwgb3Igd29yc2Us IGNvcnJ1cHQgdGhlCj4+IGhvc3Qga2VybmVsIGFuZCBicmVhayBvdXQgb2YgdGhlIGNvbnRhaW5l ciBhcyBhIHJlc3VsdCwgdGhhdCB3b3VsZCBiZQo+PiBzYWQuCj4+IAo+PiBJIHdhcyBwcmV0dHkg c3VyZSBtb3N0IGZpbGUgc3lzdGVtIGRldmVsb3BlcnMgYXJlIG9uIHRoZSBzYW1lIHBhZ2UKPj4g dGhhdCBhbGxvd2luZyB1bnRydXN0ZWQgImNvbnRhaW5lciByb290cyIgdGhlIGFiaWxpdHkgdG8g bW91bnQKPj4gYXJiaXRyYXJ5IGJsb2NrIGRldmljZSBmaWxlIHN5c3RlbXMgaXMgaW5zYW5pdHku Cj4KPiBBZ3JlZWQuCgpGb3IgbWUgSSBhbSBoYXBweSB3aXRoIGZ1c2UuICBUaGF0IGlzIHN1ZmZp Y2llbnQgdG8gY292ZXIgYW55IGNvbnRhaW5lcgp1c2UgY2FzZXMgcGVvcGxlIGhhdmUuICAgSWYg YW55b25lIGNvbWVzIGJ1Z2dpbmcgeW91IGZvciBtb3JlIEkgd2lsbCBiZQpoYXBweSB0byBwdXNo IGJhY2suCgpUaGUgb25seSB0aGluZyB0aGF0IGNvbnRhaW5lcnMgaGF2ZSB0byBkbyB3aXRoIHRo aXMgaXMgSSB3aW5kIHVwCnRvdWNoaW5nIGEgbG90IG9mIHRoZSBrZXJuZWwvdXNlciBib3VuZGFy eSBzbyBJIGdldCB0byBzZWUgYSBsb3Qgb2YgaXQKYW5kIHNvbWV0aW1lcyBzZWUgd2VpcmQgdGhp bmdzLgoKRXJpYwoKLS0gCkFwcEFybW9yIG1haWxpbmcgbGlzdApBcHBBcm1vckBsaXN0cy51YnVu dHUuY29tCk1vZGlmeSBzZXR0aW5ncyBvciB1bnN1YnNjcmliZSBhdDogaHR0cHM6Ly9saXN0cy51 YnVudHUuY29tL21haWxtYW4vbGlzdGluZm8vYXBwYXJtb3IK From mboxrd@z Thu Jan 1 00:00:00 1970 From: ebiederm@xmission.com (Eric W. Biederman) Date: Fri, 10 Aug 2018 20:32:04 -0500 Subject: BUG: Mount ignores mount options In-Reply-To: <20180811003852.GA10463@magnolia> (Darrick J. Wong's message of "Fri, 10 Aug 2018 17:38:52 -0700") References: <20180810153902.GH21087@thunk.org> <87d0uqpba5.fsf@xmission.com> <153313703562.13253.5766498657900728120.stgit@warthog.procyon.org.uk> <22361.1533913891@warthog.procyon.org.uk> <28045.1533916438@warthog.procyon.org.uk> <20180810161400.GA627@thunk.org> <20180810204639.GI627@thunk.org> <20180810221234.GC4211@magnolia> <20180810235447.GK627@thunk.org> <20180811003852.GA10463@magnolia> Message-ID: <87zhxtg02z.fsf@xmission.com> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org "Darrick J. Wong" writes: > On Fri, Aug 10, 2018 at 07:54:47PM -0400, Theodore Y. Ts'o wrote: >> The reason why I bring this up here is that in container land, there >> are those who believe that "container root" should be able to mount >> file systems, and if the "container root" isn't trusted, the fact that >> the "container root" can crash the host kernel, or worse, corrupt the >> host kernel and break out of the container as a result, that would be >> sad. >> >> I was pretty sure most file system developers are on the same page >> that allowing untrusted "container roots" the ability to mount >> arbitrary block device file systems is insanity. > > Agreed. For me I am happy with fuse. That is sufficient to cover any container use cases people have. If anyone comes bugging you for more I will be happy to push back. The only thing that containers have to do with this is I wind up touching a lot of the kernel/user boundary so I get to see a lot of it and sometimes see weird things. Eric