From: Miklos Szeredi
Subject: Re: [fuse-devel] fuse_get_context() and namespaces
Date: Fri, 22 May 2015 16:23:55 +0200
References: <20150331011423.GC13083@unsen.q53.spb.ru> <20150401155515.GA2994@unsen.q53.spb.ru> <20150502155623.GD13083@unsen.q53.spb.ru>
In-Reply-To: <20150502155623.GD13083@unsen.q53.spb.ru>
To: alexey@kurnosov.spb.ru
Cc: Seth Forshee, Andy Lutomirski, "Eric W. Biederman", Serge Hallyn, fuse-devel, Linux-Fsdevel, Kernel Mailing List
List-Id: linux-fsdevel.vger.kernel.org

On Sat, May 2, 2015 at 5:56 PM, wrote:
>
> 3.10.0-229 from Scientific Linux and native 4.0.1-1 (from elrepo).
> SL 7.1 on the host and SL 6.6 on the LXC guest. At least in 3.10
> the 499dcf2024092e5cce41d05599a5b51d1f92031a is present.
> Steps to reproduce:
>
> On first console:
> [root@sl7test ~]# lxc-start -n test-2 /bin/su -
> [root@test-2 ~]# diff -u hello.py /usr/share/doc/fuse-python-0.2.1/example/hello.py
> --- hello.py 2015-05-02 11:12:13.963093580 -0400
> +++ /usr/share/doc/fuse-python-0.2.1/example/hello.py 2010-04-14 18:29:21.000000000 -0400
> @@ -41,8 +41,6 @@
> class HelloFS(Fuse):
>
> def getattr(self, path):
> - dic = Fuse.GetContext(self)
> - print dic
> st = MyStat()
> if path == '/':
> st.st_mode = stat.S_IFDIR | 0755
> [root@test-2 ~]# python hello.py -f /mnt/
>
> On second console:
> [root@test-2 ~]# echo $$
> 41
> [root@test-2 ~]# ls /mnt/
> hello
>
> Output of first console:
> {'gid': 0, 'pid': 12083, 'uid': 0}

Thanks. Digging in mailbox...

There was a thread last year about adding support for running fuse
daemon in a container:

http://thread.gmane.org/gmane.linux.kernel/1811658

Not sure what happened, but no updated patches have been posted or
maybe I just missed them.

Anyway... adding parties of that discussion to the Cc.

Thanks,
Miklos

>
>
> On Tue, Apr 14, 2015 at 10:23:50AM +0200, Miklos Szeredi wrote:
>> On Wed, Apr 1, 2015 at 5:55 PM, wrote:
>> >
>> > Nobody has a clue?
>> > Who is on FUSE support now?
>> >
>> > --
>> > Alexey Kurnosov
>> >
>> > On Tue, Mar 31, 2015 at 04:14:23AM +0300, alexey@kurnosov.spb.ru wrote:
>> >>
>> >> Hi All.
>> >>
>> >> In my application there is a need to filter access by PID, so I use
>> >> fuse_get_context() (over python bindings actually). The problem comes
>> >> when the application runs in a LXC container, and in a separate PID
>> >> namespace (https://lwn.net/Articles/531419/) as a result. fuse_get_context()
>> >> returns a caller PID in a _host_'s namespace, not in a container. Not taking
>> >> apart the fact there is broken something in namespaces isolation, is this
>> >> a correct behavior? Shouldn't FUSE be namespaces aware? Is there a way to
>> >> get PIDs in a container's PID namespace? Maybe some workaround?
>>
>> Which kernel? There was a fix that went in v3.8:
>>
>> commit 499dcf2024092e5cce41d05599a5b51d1f92031a
>> Author: Eric W. Biederman
>> Date: Tue Feb 7 16:26:03 2012 -0800
>>
>> userns: Support fuse interacting with multiple user namespaces
>>
>>
>> Thanks,
>> Miklos
>
> --
> Alexey Kurnosov
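
Review bot: The two lines marked `-` in getattr (`dic = Fuse.GetContext(self)` and `print dic`) are the reporter's additions rather than removals, because the command was `diff -u hello.py <packaged example>`; running it with the arguments swapped would show them as `+` lines and make the reproduction unambiguous. Since the print sits in getattr it fires on every getattr request, so it would help to state that the quoted `{'gid': 0, 'pid': 12083, 'uid': 0}` line was produced by the `ls /mnt/` issued from the shell whose `$$` is 41.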