Re: -mm -> 2.6.13 merge status (fuse)

[Miklos Szeredi]

> fuse
> 
>     This is useful, but there are, AFAIK, two issues:
> 
>     - We're still deadlocked over some permission-checking hacks in there

Oh, god.  Let me try to explain this again:

  - This is a security issue with unprivileged mounts

  - Since no other filesystem currently offers secure unpivileged
    mounts in Linux, this is something "new"

  - Since it's something new, there's a big resistance to acceptance.
    I understand this, I only ask people, to please read
    Documentation/filesystems/fuse.txt, before arguing against it

  - IMO it's not a hack, and it's not something that can be solved
    otherwise (no, private namespaces are NOT a solution, they are
    mosty orthogonal to this).

So I welcome constructive discussion.  However bear in mind, that I
definitely don't want to disable unprivileged mounts.  For me that is
_the_ most important feature of FUSE.

>     - It has an NFS server implementation which only works if the
>       to-be-served file happens to be in dcache.

More preciesly it relies on icache.

>       It has been said that a userspace NFS server can be used to
>       get full NFS server functionality with FUSE.  I think the
>       half-assed kernel implementation should be done away with.

I won't shed many tears if you drop fuse-nfs-export.patch.  It would
at least give the userspace solution some boost.

However the patch is pretty small, and despite it's flaws, I know it's
used by a number of people.

Thanks,
Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/