Re: [RFC] FUSE permission modell (Was: fuse review bits)

[Jamie Lokier]

Bodo Eggert <harvested.in.lkml@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
> >> That is exactly the intended effect.  If I'm at my work machine (where
> >> I'm not an admin unfortunately) and I mount my home machine with sshfs
> >> (because FUSE is installed fortunately :), then I bloody well don't
> >> want the sysadmin or some automated script of his to go mucking under
> >> the mountpoint.
> > 
> > I think that would be _much_ nicer implemented as a mount which is
> > invisible to other users, rather than one which causes the admin's
> > scripts to spew error messages.  Is the namespace mechanism at all
> > suitable for that?
> 
> This will require shared subtrees plus a way for new logins from the same
> user to join an existing (previous login) namespace.

Or "per-user namespaces".

It's part of a more general problem of how you limit access to private
data such as crypto keys, either per user, or more finely than that.

Isn't that what all the keyring stuff is for?

-- Jamie
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/