From: Dave Chinner <firstname.lastname@example.org> To: "Eric W. Biederman" <email@example.com> Cc: "Theodore Y. Ts'o" <firstname.lastname@example.org>, Linux Containers <email@example.com>, firstname.lastname@example.org, Seth Forshee <email@example.com>, "Serge E. Hallyn" <firstname.lastname@example.org>, Christian Brauner <email@example.com>, firstname.lastname@example.org Subject: Re: [REVIEW][PATCH 0/6] Wrapping up the vfs support for unprivileged mounts Date: Wed, 30 May 2018 14:34:55 +1000 [thread overview] Message-ID: <20180530043455.GN23861@dastard> (raw) In-Reply-To: <email@example.com> On Tue, May 29, 2018 at 09:34:35PM -0500, Eric W. Biederman wrote: > Dave Chinner <firstname.lastname@example.org> writes: > > > Yeah, the are some fairly big process and policy things that > > need to be decided here. Not just at the kernel level, but at > > distro and app infrastructure level too. > > > > I was originally sceptical of supporting kernel filesystems via > > lkl, but the desire for unprivileged mounts has not gone away > > and so I'm less worried about accessing filesystems that way > > than I am of letting the kernel parse untrusted images from > > untrusted users... > > There is also the more readily available libguestfs which doesn't > support as many filesystems but does seem available in most linux > distributions already. It already has a fuse option available > with guestmount. I may have to dig in there and see how to make > it available without using fusermount. That only provides host access to filesystems mounted inside guest VMs, right? AFAIA, libguestfs is not providing a FUSE implementation that mounts and parses raw XFS images. e.g it barely understands anything XFS, and that which it does is via running and screen-scraping the output of XFS's userspace management tools... > > I'm not sure what the correct forum for this is - wasn't this > > something the Plumbers conference was supposed to facilitate? > > Yes. If we all need to be in a room and talk about things. > It is early enough in the planning for Plumers that we could > definitely schedule a talk or a BOF for this. Ok. I have no idea if I'll be at plumbers - it's an awful long way from where I am.... Cheers, Dave. -- Dave Chinner email@example.com
next prev parent reply other threads:[~2018-05-30 4:34 UTC|newest] Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-05-23 23:22 Eric W. Biederman 2018-05-23 23:25 ` [REVIEW][PATCH 1/6] vfs: Don't allow changing the link count of an inode with an invalid uid or gid Eric W. Biederman 2018-05-24 12:58 ` Seth Forshee 2018-05-24 22:30 ` Christian Brauner 2018-05-23 23:25 ` [REVIEW][PATCH 2/6] vfs: Allow userns root to call mknod on owned filesystems Eric W. Biederman 2018-05-24 13:55 ` Seth Forshee 2018-05-24 16:55 ` Eric W. Biederman 2018-05-24 17:22 ` Seth Forshee 2018-05-24 19:12 ` Christian Brauner 2018-05-23 23:25 ` [REVIEW][PATCH 3/6] fs: Allow superblock owner to replace invalid owners of inodes Eric W. Biederman 2018-05-23 23:41 ` [REVIEW][PATCH v2 " Eric W. Biederman 2018-05-24 22:30 ` Christian Brauner 2018-05-23 23:25 ` [REVIEW][PATCH 4/6] fs: Allow superblock owner to access do_remount_sb() Eric W. Biederman 2018-05-24 15:58 ` Christian Brauner 2018-05-24 16:45 ` Eric W. Biederman 2018-05-24 17:28 ` Christian Brauner 2018-05-23 23:25 ` [REVIEW][PATCH 5/6] capabilities: Allow privileged user in s_user_ns to set security.* xattrs Eric W. Biederman 2018-05-24 15:57 ` Christian Brauner 2018-05-23 23:25 ` [REVIEW][PATCH 6/6] fs: Allow CAP_SYS_ADMIN in s_user_ns to freeze and thaw filesystems Eric W. Biederman 2018-05-24 15:59 ` Christian Brauner 2018-05-24 21:46 ` [REVIEW][PATCH 0/6] Wrapping up the vfs support for unprivileged mounts Theodore Y. Ts'o 2018-05-24 23:23 ` Eric W. Biederman 2018-05-25 3:57 ` Dave Chinner 2018-05-25 4:06 ` Darrick J. Wong 2018-05-29 13:12 ` Eric W. Biederman 2018-05-29 22:17 ` Dave Chinner 2018-05-30 2:34 ` Eric W. Biederman 2018-05-30 4:34 ` Dave Chinner [this message] 2018-05-29 15:40 ` Dongsu Park
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20180530043455.GN23861@dastard \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --subject='Re: [REVIEW][PATCH 0/6] Wrapping up the vfs support for unprivileged mounts' \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).