From: Miklos Szeredi <mszeredi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
lkml <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Seth Forshee
<seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org>,
Alban Crequy <alban-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>,
Sargun Dhillon <sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org>,
linux-fsdevel
<linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>
Subject: Re: [PATCH v9 0/4] fuse: mounts from non-init user namespaces
Date: Wed, 21 Mar 2018 09:38:46 +0100 [thread overview]
Message-ID: <CAOssrKf8_zhw+J_B59wkJ9zj-adRj_f3B4hDUq1CPSF30mX0nQ__24388.0747737878$1521621419$gmane$org@mail.gmail.com> (raw)
In-Reply-To: <87tvta38lu.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
On Tue, Mar 20, 2018 at 7:27 PM, Eric W. Biederman
<ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> wrote:
> Miklos Szeredi <mszeredi-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> writes:
>> I did just one modification to "fuse: Fail all requests with invalid
>> uids or gids": instead of zeroing out the context for the nofail case,
>> continue to use the "_munged" variants. I don't think this hurts and
>> is better for backward compatibility (I guess the only relevant use
>> would be for debugging output, but we don't want to regress even for
>> that if not necessary)
>
> Hmm...
>
> The thing is the failure doesn't come in the difference between the
> _munged and the normal variants. The difference between
> munged and non-munged variants is how they handled failure ((uid16_t)-2)
> aka 0xfffe for munged and -1 for the non-munged case.
>
> The failures are introduced by changing &init_user_ns to fc->user_ns.
Right.
> The operations in question are iop->flush and fuse_force_forget (on an
> error). I don't know what value having ids on those paths will do
> they are operations that must succeed, and they should not change the
> on-disk ids. I was thinking saying the most privileged id was asking
> for the oepration would seem to make sense.
I don't think anybody should actually *care* about the id's in flush,
but I'd still not change the current behavior for change's sake.
>
> With the munged variants we will get (uid16_t)-2 aka 0xfffe aka
> nobody asking for the operation if things don't map. In practice
> the don't map case is new.
>
> Since the id's should not be looked at anyway I don't see it makes
> much difference which ids we use so the munged case seems at least
> plausible.
>
> It might be better to use the non-munghed variant and do:
> if (req->in.h.uid == (uid_t)-1)
> req.in.h.uid = 0;
> if (req->in.h.gid == (gid_t)-1)
> req.in.h.gid = 0;
>
> That might be less surprising to userspace. As I don't think the
> unmapped case has ever occurred in practice yet.
Right, that would work too, but I don't think it actually matters, so
unless you can think of an actual security issue arising from using
the munged variants, I'd just leave it as it is.
Thanks,
Miklos
next prev parent reply other threads:[~2018-03-21 8:38 UTC|newest]
Thread overview: 218+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-22 14:32 [PATCH v5 00/11] FUSE mounts from non-init user namespaces Dongsu Park
2017-12-22 14:32 ` [PATCH 01/11] block_dev: Support checking inode permissions in lookup_bdev() Dongsu Park
2017-12-22 18:59 ` Coly Li
2017-12-23 12:00 ` Dongsu Park
[not found] ` <17fbec10-68b1-2d2b-d417-2cdfee22b0fa-53JG2FQvpdo@public.gmane.org>
2017-12-23 12:00 ` Dongsu Park
[not found] ` <ef5e609602df6d7e2b4aa07b92600f04b6851902.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-22 18:59 ` Coly Li
2017-12-23 3:03 ` Serge E. Hallyn
2017-12-23 3:03 ` Serge E. Hallyn
2017-12-22 14:32 ` [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes Dongsu Park
[not found] ` <ac3d34002d7690f6ca5928b57b7fc4d707104b04.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:17 ` Serge E. Hallyn
2017-12-23 3:17 ` Serge E. Hallyn
2018-01-05 19:24 ` Luis R. Rodriguez
2018-02-13 13:18 ` Miklos Szeredi
2018-01-05 19:24 ` Luis R. Rodriguez
2018-01-09 15:10 ` Dongsu Park
2018-01-09 17:23 ` Luis R. Rodriguez
[not found] ` <CANxcAMvDQFH0g5PPnVZ3p2Tei04N+8fNf0pk02DrfTkBHjjrPQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-09 17:23 ` Luis R. Rodriguez
[not found] ` <20180105192407.GF22430-B4tOwbsTzaBolqkO4TVVkw@public.gmane.org>
2018-01-09 15:10 ` Dongsu Park
2018-02-13 13:18 ` Miklos Szeredi
2018-02-16 22:00 ` Eric W. Biederman
[not found] ` <CAOssrKcZeAHsRz7P_dxh==QAKnp7HeSTh4vWY2tgbWa1ZD918g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 22:00 ` Eric W. Biederman
2017-12-22 14:32 ` [PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root Dongsu Park
[not found] ` <ddf1fb9b5001e633e0022dee7fecb0ef431e851f.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:26 ` Serge E. Hallyn
2017-12-23 3:26 ` Serge E. Hallyn
2017-12-23 12:38 ` Dongsu Park
[not found] ` <CANxcAMtpE05xpOPt3Ua+4DkiTzkW5hOo4BBpiNZh_5+RTCfThA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-13 13:37 ` Miklos Szeredi
2018-02-13 13:37 ` Miklos Szeredi
[not found] ` <20171223032606.GD6837-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-12-23 12:38 ` Dongsu Park
2017-12-22 14:32 ` [PATCH 05/11] fs: Allow superblock owner to access do_remount_sb() Dongsu Park
[not found] ` <8dd484dceb9e96e5b67f21b8a0cf333753985e89.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:30 ` Serge E. Hallyn
2017-12-23 3:30 ` Serge E. Hallyn
2017-12-22 14:32 ` [PATCH 08/11] fuse: Support fuse filesystems outside of init_user_ns Dongsu Park
2018-01-17 10:59 ` Alban Crequy
2018-01-17 14:29 ` Seth Forshee
2018-01-17 18:56 ` Alban Crequy
2018-01-17 18:56 ` Alban Crequy
2018-01-17 19:31 ` Seth Forshee
2018-01-18 10:29 ` Alban Crequy
2018-01-18 10:29 ` Alban Crequy
[not found] ` <CADZs7q6ZHGHbrdL96Bmy148Zc6TxruiJrEeDjaDYEX8U-5QV1A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-17 19:31 ` Seth Forshee
[not found] ` <CADZs7q5NA7Kox62vnCOkL=TGgzTxX+oNYz6=oNXKWkQkQwSMrA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-17 14:29 ` Seth Forshee
[not found] ` <c85c293e19a478353aba8e6e3ee39e5914f798d5.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:46 ` Serge E. Hallyn
2017-12-23 3:46 ` Serge E. Hallyn
2018-01-17 10:59 ` Alban Crequy
2018-02-12 15:57 ` Miklos Szeredi
2018-02-12 15:57 ` Miklos Szeredi
2018-02-12 16:35 ` Eric W. Biederman
[not found] ` <87lgfy5fpd.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-13 10:20 ` Miklos Szeredi
2018-02-13 10:20 ` Miklos Szeredi
[not found] ` <CAOssrKcKz8p9YQJLf2W_NCBo+12auxir5jFwXGbANdWdgavpsw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 21:52 ` Eric W. Biederman
2018-02-16 21:52 ` Eric W. Biederman
[not found] ` <CAOssrKd6vkMDwRT=QQofKCufzQczzQ7dXoVbVfVax-0HqD986w-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-12 16:35 ` Eric W. Biederman
2018-02-20 2:12 ` Eric W. Biederman
2018-02-20 2:12 ` Eric W. Biederman
[not found] ` <cover.1512741134.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-22 14:32 ` [PATCH 01/11] block_dev: Support checking inode permissions in lookup_bdev() Dongsu Park
2017-12-22 14:32 ` [PATCH 02/11] mtd: Check permissions towards mtd block device inode when mounting Dongsu Park
2017-12-22 14:32 ` Dongsu Park
[not found] ` <945d325a2239efcd55273abb2bac41cfc7264fea.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-22 21:06 ` Richard Weinberger
2017-12-23 3:05 ` Serge E. Hallyn
2017-12-22 21:06 ` Richard Weinberger
[not found] ` <CAFLxGvwzRBGJf0-jCAwGts1HwV_nT072+yhHLP079sxQezoTFQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-12-23 12:18 ` Dongsu Park
2017-12-23 12:18 ` Dongsu Park
[not found] ` <CANxcAMtVqgLmQaTtfJocGGgsn5dSX2CDwzh6bwv6OnjUUwsTrg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2017-12-23 12:56 ` Richard Weinberger
2017-12-23 12:56 ` Richard Weinberger
2017-12-23 3:05 ` Serge E. Hallyn
2017-12-22 14:32 ` [PATCH 03/11] fs: Allow superblock owner to change ownership of inodes Dongsu Park
2017-12-22 14:32 ` [PATCH 04/11] fs: Don't remove suid for CAP_FSETID for userns root Dongsu Park
2017-12-22 14:32 ` [PATCH 05/11] fs: Allow superblock owner to access do_remount_sb() Dongsu Park
2017-12-22 14:32 ` [PATCH 06/11] capabilities: Allow privileged user in s_user_ns to set security.* xattrs Dongsu Park
2017-12-22 14:32 ` Dongsu Park
2017-12-22 14:32 ` Dongsu Park
2017-12-23 3:33 ` Serge E. Hallyn
2017-12-23 3:33 ` Serge E. Hallyn
[not found] ` <5adc5e31c25beb987798ecc219df79671547a9ac.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:33 ` Serge E. Hallyn
2017-12-22 14:32 ` [PATCH 07/11] fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems Dongsu Park
2017-12-22 14:32 ` Dongsu Park
2017-12-23 3:39 ` Serge E. Hallyn
2018-02-14 12:28 ` Miklos Szeredi
[not found] ` <CAOssrKeSTY1pAhpmegFWdGh7irNbT4veG5JaYFj8Q1JjMynadw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-19 22:56 ` Eric W. Biederman
2018-02-19 22:56 ` Eric W. Biederman
[not found] ` <61a37f0b159dd56825696d8d3beb8eaffdf1f72f.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:39 ` Serge E. Hallyn
2018-02-14 12:28 ` Miklos Szeredi
2017-12-22 14:32 ` [PATCH 08/11] fuse: Support fuse filesystems outside of init_user_ns Dongsu Park
2017-12-22 14:32 ` [PATCH 09/11] fuse: Restrict allow_other to the superblock's namespace or a descendant Dongsu Park
2017-12-22 14:32 ` [PATCH 10/11] fuse: Allow user namespace mounts Dongsu Park
2017-12-22 14:32 ` [PATCH 11/11] evm: Don't update hmacs in user ns mounts Dongsu Park
2017-12-25 7:05 ` [PATCH v5 00/11] FUSE mounts from non-init user namespaces Eric W. Biederman
2018-02-13 11:32 ` Miklos Szeredi
2018-02-13 11:32 ` Miklos Szeredi
2018-02-16 21:53 ` Eric W. Biederman
[not found] ` <CAOssrKey+oxahrXHO5d6Lu1ZD=r1t-b0i4iZM_Ke9ToqTckjkQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-16 21:53 ` Eric W. Biederman
2018-02-21 20:24 ` [PATCH v6 0/6] fuse: " Eric W. Biederman
2018-02-21 20:24 ` Eric W. Biederman
[not found] ` <878tbmf5vl.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-21 20:29 ` [PATCH v6 1/5] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read Eric W. Biederman
2018-02-21 20:29 ` Eric W. Biederman
2018-02-22 10:13 ` Miklos Szeredi
[not found] ` <CAOssrKch20vj8phkjfjMe=07-8uQiuXfOuCTDjrMzPbkg6DoxA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-22 19:04 ` Eric W. Biederman
2018-02-22 19:04 ` Eric W. Biederman
2018-02-21 20:29 ` [PATCH v6 2/5] fuse: Fail all requests with invalid uids or gids Eric W. Biederman
2018-02-21 20:29 ` Eric W. Biederman
2018-02-22 10:26 ` Miklos Szeredi
[not found] ` <CAOssrKeYuVj6ZWUrXp7R_d+wdoArnJ=mhRp22qE9JBW3x-7tfw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-22 18:15 ` Eric W. Biederman
2018-02-22 18:15 ` Eric W. Biederman
2018-02-21 20:29 ` [PATCH v6 3/5] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2018-02-21 20:29 ` Eric W. Biederman
2018-02-21 20:29 ` [PATCH v6 4/5] fuse: Ensure posix acls are translated " Eric W. Biederman
2018-02-21 20:29 ` Eric W. Biederman
2018-02-22 11:40 ` Miklos Szeredi
[not found] ` <CAOssrKeNLBeMkMrrCeRBO9Z80zFxCCEygKL3DErnQ9xBoLkH0g-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-22 19:18 ` Eric W. Biederman
2018-02-22 19:18 ` Eric W. Biederman
[not found] ` <87inao6dfa.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-22 22:50 ` Eric W. Biederman
2018-02-22 22:50 ` Eric W. Biederman
2018-02-26 7:47 ` Miklos Szeredi
[not found] ` <CAOssrKd+c0Mx+=S-+zr1QS8a37Pm=VGki=FVR+LXQZBsk3byqA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-26 16:35 ` Eric W. Biederman
2018-02-26 16:35 ` Eric W. Biederman
[not found] ` <87zi3v1zga.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-26 21:51 ` Eric W. Biederman
2018-02-26 21:51 ` Eric W. Biederman
[not found] ` <87mv004p0t.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-26 7:47 ` Miklos Szeredi
2018-02-21 20:29 ` [PATCH v6 5/5] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-02-21 20:29 ` Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 0/7] fuse: mounts from non-init user namespaces Eric W. Biederman
2018-02-26 23:52 ` Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 1/7] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read Eric W. Biederman
[not found] ` <87po4rz4ui.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-26 23:52 ` Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 2/7] fuse: Fail all requests with invalid uids or gids Eric W. Biederman
2018-02-26 23:52 ` Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 3/7] fs/posix_acl: Document that get_acl respects ACL_DONT_CACHE Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 4/7] fuse: Cache a NULL acl when FUSE_GETXATTR returns -ENOSYS Eric W. Biederman
2018-02-26 23:53 ` [PATCH v7 5/7] fuse: Simplfiy the posix acl handling logic Eric W. Biederman
2018-02-26 23:53 ` Eric W. Biederman
[not found] ` <20180226235302.12708-5-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-27 9:00 ` Miklos Szeredi
2018-02-27 9:00 ` Miklos Szeredi
[not found] ` <CAOssrKeWvYpgj4_cgsRBL_kTOHyRS-9_mfO9JHP-JahgqFnfHQ-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-02 21:49 ` Eric W. Biederman
2018-03-02 21:49 ` Eric W. Biederman
2018-02-26 23:53 ` [PATCH v7 6/7] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2018-02-26 23:53 ` Eric W. Biederman
2018-02-26 23:53 ` [PATCH v7 7/7] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-03-02 21:58 ` [PATCH v8 0/6] fuse: mounts from non-init user namespaces Eric W. Biederman
2018-02-26 23:52 ` [PATCH v7 3/7] fs/posix_acl: Document that get_acl respects ACL_DONT_CACHE Eric W. Biederman
[not found] ` <20180226235302.12708-3-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-27 1:13 ` Linus Torvalds
2018-02-27 1:13 ` Linus Torvalds
[not found] ` <CA+55aFySgJyR6JLcS9HLC9wEpWU1isdyTkchHxZHbJWsh7HFpg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-27 2:53 ` Eric W. Biederman
2018-02-27 2:53 ` Eric W. Biederman
[not found] ` <87r2p7rvn5.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-27 3:14 ` Eric W. Biederman
2018-02-27 3:14 ` Eric W. Biederman
[not found] ` <87tvu3qg2b.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-02-27 3:41 ` Linus Torvalds
2018-02-27 3:41 ` Linus Torvalds
[not found] ` <CA+55aFwPo7Pbq+3Oup-oo8MUFHeEpFXp7qr6z2PrzKp7S0ON+A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-02 19:53 ` [RFC][PATCH] fs/posix_acl: Update the comments and support lightweight cache skipping Eric W. Biederman
2018-03-02 19:53 ` Eric W. Biederman
2018-02-27 3:36 ` [PATCH v7 3/7] fs/posix_acl: Document that get_acl respects ACL_DONT_CACHE Linus Torvalds
2018-02-27 3:36 ` Linus Torvalds
2018-02-26 23:52 ` [PATCH v7 4/7] fuse: Cache a NULL acl when FUSE_GETXATTR returns -ENOSYS Eric W. Biederman
2018-02-26 23:53 ` [PATCH v7 7/7] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-03-02 21:58 ` [PATCH v8 0/6] fuse: mounts from non-init user namespaces Eric W. Biederman
[not found] ` <87r2p287i8.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-02 21:59 ` [PATCH v8 1/6] fs/posix_acl: Update the comments and support lightweight cache skipping Eric W. Biederman
2018-03-02 21:59 ` Eric W. Biederman
[not found] ` <20180302215919.27207-1-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-05 9:53 ` Miklos Szeredi
2018-03-05 9:53 ` Miklos Szeredi
[not found] ` <CAOssrKf0cuxx1YLiwFJHSnzMOOoejjWWibs98Mb5KSXVSSXfOg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-05 13:53 ` Eric W. Biederman
2018-03-05 13:53 ` Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 2/6] fuse: Simplfiy the posix acl handling logic Eric W. Biederman
2018-03-02 21:59 ` Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 3/6] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read Eric W. Biederman
2018-03-02 21:59 ` Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 4/6] fuse: Fail all requests with invalid uids or gids Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 5/6] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 6/6] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-03-02 21:59 ` Eric W. Biederman
2018-03-08 21:23 ` [PATCH v9 0/4] fuse: mounts from non-init user namespaces Eric W. Biederman
2018-03-08 21:23 ` Eric W. Biederman
2018-03-08 21:24 ` [PATCH v9 1/4] fuse: Remove the buggy retranslation of pids in fuse_dev_do_read Eric W. Biederman
[not found] ` <87ina6ntx0.fsf_-_-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-08 21:24 ` Eric W. Biederman
2018-03-08 21:24 ` [PATCH v9 2/4] fuse: Fail all requests with invalid uids or gids Eric W. Biederman
2018-03-08 21:24 ` Eric W. Biederman
2018-03-08 21:24 ` [PATCH v9 3/4] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2018-03-08 21:24 ` [PATCH v9 4/4] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-03-20 16:25 ` [PATCH v9 0/4] fuse: mounts from non-init user namespaces Miklos Szeredi
2018-03-08 21:24 ` [PATCH v9 3/4] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2018-03-08 21:24 ` [PATCH v9 4/4] fuse: Restrict allow_other to the superblock's namespace or a descendant Eric W. Biederman
2018-03-20 16:25 ` [PATCH v9 0/4] fuse: mounts from non-init user namespaces Miklos Szeredi
[not found] ` <CAOssrKebhX-nm06RAwep8HUUV4QpsAa=ZOgxdRyP=WF9p-=4Tw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-03-20 18:27 ` Eric W. Biederman
2018-03-20 18:27 ` Eric W. Biederman
2018-03-21 8:38 ` Miklos Szeredi
[not found] ` <87tvta38lu.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-03-21 8:38 ` Miklos Szeredi [this message]
2018-03-02 21:59 ` [PATCH v8 4/6] fuse: Fail all requests with invalid uids or gids Eric W. Biederman
2018-03-02 21:59 ` [PATCH v8 5/6] fuse: Support fuse filesystems outside of init_user_ns Eric W. Biederman
2017-12-22 14:32 ` [PATCH 09/11] fuse: Restrict allow_other to the superblock's namespace or a descendant Dongsu Park
2017-12-23 3:50 ` Serge E. Hallyn
[not found] ` <d055925e5d5c0099e9e9c871004fb45fab67e4bc.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:50 ` Serge E. Hallyn
2018-02-19 23:16 ` Eric W. Biederman
2018-02-19 23:16 ` Eric W. Biederman
2017-12-22 14:32 ` [PATCH 10/11] fuse: Allow user namespace mounts Dongsu Park
[not found] ` <a26103156b3f6ba73b1e46c6f577f1bee74872d9.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 3:51 ` Serge E. Hallyn
2017-12-23 3:51 ` Serge E. Hallyn
2018-02-14 13:44 ` Miklos Szeredi
2018-02-14 13:44 ` Miklos Szeredi
[not found] ` <CAOssrKcHOp9OaCWRALsxe5MTk+tv7Gi5rPsHz2VLguzK-P+LMw-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-15 8:46 ` Miklos Szeredi
2018-02-15 8:46 ` Miklos Szeredi
2017-12-22 14:32 ` [PATCH 11/11] evm: Don't update hmacs in user ns mounts Dongsu Park
2017-12-22 14:32 ` Dongsu Park
[not found] ` <1f2233a1a028f1eb1e9bea7d06efa6d34e69e752.1512041070.git.dongsu-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org>
2017-12-23 4:03 ` Serge E. Hallyn
2017-12-23 4:03 ` Serge E. Hallyn
2017-12-23 4:03 ` Serge E. Hallyn
[not found] ` <20171223040348.GK6837-7LNsyQBKDXoIagZqoN9o3w@public.gmane.org>
2017-12-24 5:12 ` Mimi Zohar
2017-12-24 5:12 ` Mimi Zohar
2017-12-24 5:12 ` Mimi Zohar
2017-12-24 5:12 ` Mimi Zohar
[not found] ` <1514092328.5221.116.camel-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2017-12-24 5:56 ` Mimi Zohar
2017-12-24 5:56 ` Mimi Zohar
2017-12-24 5:56 ` Mimi Zohar
2017-12-24 5:56 ` Mimi Zohar
2017-12-25 7:05 ` [PATCH v5 00/11] FUSE mounts from non-init user namespaces Eric W. Biederman
[not found] ` <877etbcmnd.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2018-01-09 15:05 ` Dongsu Park
2018-01-09 15:05 ` Dongsu Park
2018-01-18 14:58 ` Alban Crequy
[not found] ` <CADZs7q438szfwd-kaaRDnpDFrmno3zy7Zq+6EsnotW8bS0vrTA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-02-19 23:09 ` Eric W. Biederman
2018-02-19 23:09 ` Eric W. Biederman
[not found] ` <CANxcAMvwwiPXBTKmTM9sEo8Y1T--V7fNaFqzHfyEvwvaYQV60A-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2018-01-18 14:58 ` Alban Crequy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAOssrKf8_zhw+J_B59wkJ9zj-adRj_f3B4hDUq1CPSF30mX0nQ__24388.0747737878$1521621419$gmane$org@mail.gmail.com' \
--to=mszeredi-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=alban-lYLaGTFnO9sWenYVfaLwtA@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=sargun-GaZTRHToo+CzQB+pC5nmwQ@public.gmane.org \
--cc=seth.forshee-Z7WLFzj8eWMS+FvcfC7Uqw@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.