linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: ebiederm@xmission.com (Eric W. Biederman)
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: alexey@kurnosov.spb.ru, Seth Forshee <seth.forshee@canonical.com>,
	Andy Lutomirski <luto@amacapital.net>,
	Serge Hallyn <serge.hallyn@ubuntu.com>,
	fuse-devel <fuse-devel@lists.sourceforge.net>,
	Linux-Fsdevel <linux-fsdevel@vger.kernel.org>,
	Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: [fuse-devel] fuse_get_context() and namespaces
Date: Fri, 22 May 2015 12:32:18 -0500	[thread overview]
Message-ID: <87k2w05xi5.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <CAJfpegsKqG5RX=QueeEewbu4prAF2SZMXT12PkSQTiTutHR-2Q@mail.gmail.com> (Miklos Szeredi's message of "Fri, 22 May 2015 16:23:55 +0200")

Miklos Szeredi <miklos@szeredi.hu> writes:

> On Sat, May 2, 2015 at 5:56 PM,  <alexey@kurnosov.spb.ru> wrote:
>>
>> 3.10.0-229 form Scientific Linux and native 4.0.1-1 (from elrepo).
>> SL 7.1 on the host and SL 6.6 on the LXC guest. At least in 3.10
>> the 499dcf2024092e5cce41d05599a5b51d1f92031a is present.
>> Steps to reproduce:
>>
>> On first console:
>> [root@sl7test ~]# lxc-start  -n test-2 /bin/su -
>> [root@test-2 ~]# diff -u  hello.py /usr/share/doc/fuse-python-0.2.1/example/hello.py
>> --- hello.py    2015-05-02 11:12:13.963093580 -0400
>> +++ /usr/share/doc/fuse-python-0.2.1/example/hello.py   2010-04-14 18:29:21.000000000 -0400
>> @@ -41,8 +41,6 @@
>>  class HelloFS(Fuse):
>>
>>      def getattr(self, path):
>> -        dic = Fuse.GetContext(self)
>> -        print dic
>>          st = MyStat()
>>          if path == '/':
>>              st.st_mode = stat.S_IFDIR | 0755
>> [root@test-2 ~]# python hello.py -f  /mnt/
>>
>> On second console:
>> [root@test-2 ~]# echo $$
>> 41
>> [root@test-2 ~]# ls /mnt/
>> hello
>>
>> Output of first console:
>> {'gid': 0, 'pid': 12083, 'uid': 0}
>
> Thanks.
>
> Digging in mailbox...  There was a thread last year about adding
> support for running fuse daemon in a container:
>
>   http://thread.gmane.org/gmane.linux.kernel/1811658
>
> Not sure what happened, but no updated patches have been posted or
> maybe I just missed them.

We had a discussion and decided to sort out and move as much
functionality as possible into the VFS before proceeding with fuse.
That way there are less weird corner cases to deal with in the review of
the fuse changes.

> Anyway... adding parties of that discussion to the Cc.

It is taking me a bit of work to have enough context to understand the
concern.

It seems user namespaces and unprivileged mounts are not in play which
is what Seth and I were primariliy focusing on.  So we do not have the
tricky privilege checks.

Looking at the reproducer above it appears that the issue is mounting a
fuse filesystem with global root permissions in a pid namespace.

The semantically correct behavior is to return pids to the fuse
filesystem that are in the namespace of the mounter of the fuse
filesystem, and clearly we are not doing that currently.

There are good ways and bad ways of doing that, the good ways don't
involve taking refcounts on struct pid.    I will take a look shortly
and review Seth's patch and see how well it does.  With a little luck
this should be a non-controversial fix.

Eric

      parent reply	other threads:[~2015-05-22 17:32 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <20150331011423.GC13083@unsen.q53.spb.ru>
     [not found] ` <20150401155515.GA2994@unsen.q53.spb.ru>
     [not found]   ` <CAJfpegvYrJBmnfqk0zO6EWbaiqxuN4anx6Fpw07_P5+s0P1RVw@mail.gmail.com>
     [not found]     ` <20150502155623.GD13083@unsen.q53.spb.ru>
2015-05-22 14:23       ` [fuse-devel] fuse_get_context() and namespaces Miklos Szeredi
2015-05-22 14:47         ` Seth Forshee
2015-05-22 17:44           ` Eric W. Biederman
2015-05-22 18:59             ` Seth Forshee
2015-05-26 15:21               ` Miklos Szeredi
2015-05-26 16:14                 ` [fuse-devel] " Seth Forshee
2015-05-27  3:31                   ` Eric W. Biederman
2015-05-27 12:55                     ` Seth Forshee
2015-06-01 13:07                       ` Miklos Szeredi
2015-06-03 14:03                         ` [fuse-devel] " Seth Forshee
2015-05-22 17:32         ` Eric W. Biederman [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87k2w05xi5.fsf@x220.int.ebiederm.org \
    --to=ebiederm@xmission.com \
    --cc=alexey@kurnosov.spb.ru \
    --cc=fuse-devel@lists.sourceforge.net \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=miklos@szeredi.hu \
    --cc=serge.hallyn@ubuntu.com \
    --cc=seth.forshee@canonical.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).