From mboxrd@z Thu Jan 1 00:00:00 1970 From: Miklos Szeredi Subject: Re: fuse_get_context() and namespaces Date: Mon, 1 Jun 2015 15:07:07 +0200 Message-ID: References: <20150401155515.GA2994@unsen.q53.spb.ru> <20150502155623.GD13083@unsen.q53.spb.ru> <20150522144702.GA126334@ubuntu-hedt> <87iobk4id8.fsf@x220.int.ebiederm.org> <20150522185932.GC126334@ubuntu-hedt> <20150526152138.GB4531@tucsk.suse.de> <20150526161451.GB10248@ubuntu-hedt> <87k2vuvgpv.fsf@x220.int.ebiederm.org> <20150527125546.GA22018@ubuntu-xps13> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Cc: fuse-devel , Serge Hallyn , Kernel Mailing List , Andy Lutomirski , "Eric W. Biederman" , Linux-Fsdevel To: Seth Forshee Return-path: In-Reply-To: <20150527125546.GA22018@ubuntu-xps13> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: fuse-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org List-Id: linux-fsdevel.vger.kernel.org On Wed, May 27, 2015 at 2:55 PM, Seth Forshee wrote: > I haven't seen anything to indicate that this filesystem will be broken > by this, just that it's broken by untranslated pids. Presumably it would > just reject any requests which aren't representable in its namespace. Without failing the operation there never will be any indication that a filesystem is broken. So I guess the safe way would be - deny access for untranslated pids (uids, gids, etc). - if this becomes an issue (possibly a perfomance issue), then add a flag to disable pids (and/or uids, gids) completely. Thanks, Miklos ------------------------------------------------------------------------------