Re: -mm -> 2.6.13 merge status (fuse)

From: Miklos Szeredi
Date: Tue Jun 21 2005 - 05:24:40 EST


> fuse
>
> This is useful, but there are, AFAIK, two issues:
>
> - We're still deadlocked over some permission-checking hacks in there

Oh, god. Let me try to explain this again:

- This is a security issue with unprivileged mounts

- Since no other filesystem currently offers secure unpivileged
mounts in Linux, this is something "new"

- Since it's something new, there's a big resistance to acceptance.
I understand this, I only ask people, to please read
Documentation/filesystems/fuse.txt, before arguing against it

- IMO it's not a hack, and it's not something that can be solved
otherwise (no, private namespaces are NOT a solution, they are
mosty orthogonal to this).

So I welcome constructive discussion. However bear in mind, that I
definitely don't want to disable unprivileged mounts. For me that is
_the_ most important feature of FUSE.

> - It has an NFS server implementation which only works if the
> to-be-served file happens to be in dcache.

More preciesly it relies on icache.

> It has been said that a userspace NFS server can be used to
> get full NFS server functionality with FUSE. I think the
> half-assed kernel implementation should be done away with.

I won't shed many tears if you drop fuse-nfs-export.patch. It would
at least give the userspace solution some boost.

However the patch is pretty small, and despite it's flaws, I know it's
used by a number of people.

Thanks,
Miklos
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/