From: Ian Kent <raven@themaw.net>
To: "Serge E. Hallyn" <serge@hallyn.com>, Miklos Szeredi <miklos@szeredi.hu>
Cc: "Eric W . Biederman" <ebiederm@xmission.com>,
overlayfs <linux-unionfs@vger.kernel.org>,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 0/5] allow unprivileged overlay mounts
Date: Mon, 24 Feb 2020 10:45:47 +0800 [thread overview]
Message-ID: <0f24065ec6aaf654602f03e241747efa4fbe73fd.camel@themaw.net> (raw)
In-Reply-To: <20191029170137.GA21633@mail.hallyn.com>
On Tue, 2019-10-29 at 12:01 -0500, Serge E. Hallyn wrote:
> On Fri, Oct 25, 2019 at 01:35:20PM +0200, Miklos Szeredi wrote:
> > On Fri, Oct 25, 2019 at 1:30 PM Miklos Szeredi <mszeredi@redhat.com
> > > wrote:
> > > Hi Eric,
> > >
> > > Can you please have a look at this patchset?
> > >
> > > The most interesting one is the last oneliner adding
> > > FS_USERNS_MOUNT;
> > > whether I'm correct in stating that this isn't going to introduce
> > > any
> > > holes, or not...
> >
> > Forgot the git tree:
> >
> > git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/vfs.git#ovl-
> > unpriv
> >
> > Thanks,
> > Miklos
>
> I've looked through it, seemed sensible to me.
Seems sensible to me too but I'm not sure what I'm looking for.
Perhaps a bit more on how this is secure to give an idea what's been
checked and where to focus so the the survey can be broadened from
there... I'm not sure.
For example, from my simple minded view I wonder about the posix acl
code.
In ovl_posix_acl_xattr_set() there is a call to posix_acl_from_xattr()
that uses init_user_ns. I wonder if that should be the current user ns
in this case but I'm not sure?
Ian
next prev parent reply other threads:[~2020-02-24 2:45 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-25 11:29 [RFC PATCH 0/5] allow unprivileged overlay mounts Miklos Szeredi
2019-10-25 11:29 ` [RFC PATCH 1/5] ovl: document permission model Miklos Szeredi
2019-10-25 11:29 ` [RFC PATCH 2/5] ovl: ignore failure to copy up unknown xattrs Miklos Szeredi
2019-10-25 11:29 ` [RFC PATCH 3/5] vfs: allow unprivileged whiteout creation Miklos Szeredi
2019-10-25 11:29 ` [RFC PATCH 4/5] ovl: user xattr Miklos Szeredi
2019-10-26 13:50 ` Amir Goldstein
2019-10-25 11:29 ` [RFC PATCH 5/5] ovl: unprivieged mounts Miklos Szeredi
2019-10-25 11:35 ` [RFC PATCH 0/5] allow unprivileged overlay mounts Miklos Szeredi
2019-10-29 17:01 ` Serge E. Hallyn
2020-02-24 2:45 ` Ian Kent [this message]
2019-10-25 13:42 ` Eric W. Biederman
2019-11-25 15:14 ` Miklos Szeredi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=0f24065ec6aaf654602f03e241747efa4fbe73fd.camel@themaw.net \
--to=raven@themaw.net \
--cc=ebiederm@xmission.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-unionfs@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).