Date: Fri, 22 May 2015 16:23:55 +0200
Subject: Re: [fuse-devel] fuse_get_context() and namespaces
From: Miklos Szeredi
To: alexey@kurnosov.spb.ru
Cc: Seth Forshee, Andy Lutomirski, "Eric W. Biederman", Serge Hallyn, fuse-devel, Linux-Fsdevel, Kernel Mailing List
X-Mailing-List: linux-kernel@vger.kernel.org

On Sat, May 2, 2015 at 5:56 PM, wrote:
>
> 3.10.0-229 from Scientific Linux and native 4.0.1-1 (from elrepo).
> SL 7.1 on the host and SL 6.6 on the LXC guest. At least in 3.10
> the 499dcf2024092e5cce41d05599a5b51d1f92031a is present.
> Steps to reproduce:
>
> On first console:
> [root@sl7test ~]# lxc-start -n test-2 /bin/su -
> [root@test-2 ~]# diff -u hello.py /usr/share/doc/fuse-python-0.2.1/example/hello.py
> --- hello.py 2015-05-02 11:12:13.963093580 -0400
> +++ /usr/share/doc/fuse-python-0.2.1/example/hello.py 2010-04-14 18:29:21.000000000 -0400
> @@ -41,8 +41,6 @@
> class HelloFS(Fuse):
>
> def getattr(self, path):
> - dic = Fuse.GetContext(self)
> - print dic
> st = MyStat()
> if path == '/':
> st.st_mode = stat.S_IFDIR | 0755
> [root@test-2 ~]# python hello.py -f /mnt/
>
> On second console:
> [root@test-2 ~]# echo $$
> 41
> [root@test-2 ~]# ls /mnt/
> hello
>
> Output of first console:
> {'gid': 0, 'pid': 12083, 'uid': 0}

Thanks. Digging in mailbox... There was a thread last year about
adding support for running fuse daemon in a container:

http://thread.gmane.org/gmane.linux.kernel/1811658

Not sure what happened, but no updated patches have been posted or
maybe I just missed them.

Anyway... adding parties of that discussion to the Cc.

Thanks,
Miklos

>
>
> On Tue, Apr 14, 2015 at 10:23:50AM +0200, Miklos Szeredi wrote:
>> On Wed, Apr 1, 2015 at 5:55 PM, wrote:
>> >
>> > Nobody has a clue?
>> > Who is on FUSE support now?
>> >
>> > --
>> > Alexey Kurnosov
>> >
>> > On Tue, Mar 31, 2015 at 04:14:23AM +0300, alexey@kurnosov.spb.ru wrote:
>> >>
>> >> Hi All.
>> >>
>> >> In my application there is a need to filter access by PID, so I use
>> >> fuse_get_context() (over python bindings actually). The problem comes
>> >> when the application runs in a LXC container, and in a separate PID
>> >> namespace (https://lwn.net/Articles/531419/) as a result. fuse_get_context()
>> >> returns a caller PID in a _host_'s namespace, not in a container. Not taking
>> >> apart the fact there is broken something in namespaces isolation, is this
>> >> a correct behavior? Shouldn't FUSE be namespaces aware? Is there a way to
>> >> get PIDs in a container's PID namespace? Maybe some workaround?
>>
>> Which kernel? There was a fix that went in v3.8:
>>
>> commit 499dcf2024092e5cce41d05599a5b51d1f92031a
>> Author: Eric W. Biederman
>> Date: Tue Feb 7 16:26:03 2012 -0800
>>
>> userns: Support fuse interacting with multiple user namespaces
>>
>>
>> Thanks,
>> Miklos
>
> --
> Alexey Kurnosov
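Review bot: the diff in the reproduction steps is taken in modified-then-original order (`diff -u hello.py /usr/share/doc/fuse-python-0.2.1/example/hello.py`), so in the `@@ -41,8 +41,6 @@` hunk the two lines added for the test, `dic = Fuse.GetContext(self)` and `print dic`, appear as `-` removals. Swapping the two arguments would show them as `+` additions and make it unambiguous which file is the instrumented one. Because the print sits at the top of `getattr`, it runs for every path that is looked up, so printing `path` next to the context dictionary would tie each reported pid to a specific request.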