Re: [fuse-devel] fuse_get_context() and namespaces

From: Seth Forshee
Date: Wed Jun 03 2015 - 10:03:46 EST


On Mon, Jun 01, 2015 at 03:07:07PM +0200, Miklos Szeredi wrote:
> On Wed, May 27, 2015 at 2:55 PM, Seth Forshee
> <seth.forshee@xxxxxxxxxxxxx> wrote:
>
> > I haven't seen anything to indicate that this filesystem will be broken
> > by this, just that it's broken by untranslated pids. Presumably it would
> > just reject any requests which aren't representable in its namespace.
>
> Without failing the operation there never will be any indication that
> a filesystem is broken. So I guess the safe way would be
>
> - deny access for untranslated pids (uids, gids, etc).
>
> - if this becomes an issue (possibly a perfomance issue), then add a
> flag to disable pids (and/or uids, gids) completely.

How about this then? I left fuse_get_req_nofail_nopages alone since it
presumably shouldn't fail, but that could be changed too.

With this pids are being translated into my container's namespace, and
access by processes whose pid won't map into the namespace is denied.

Seth

---