Re: [PATCH v5 00/11] FUSE mounts from non-init user namespaces

From: Miklos Szeredi
Date: Tue Feb 13 2018 - 06:32:16 EST


On Fri, Dec 22, 2017 at 3:32 PM, Dongsu Park <dongsu@xxxxxxxxxx> wrote:

> Patches 1-2 deal with an additional flag of lookup_bdev() to check for
> additional inode permission.

fuse_blk is less suitable for unprivileged mounting than plain fuse.
fusermount doesn't allow mounting fuse_blk unprivileged, so there's
little data about that usecase (IIRC ntfs3g guys did that, or at least
tried to do it, but I don't remember the details).

As such, I think we should leave it out of the initial version. Which
means you can drop patches 1-2 from this series. Unless there's a
strong use case for this. In which case we should look hard at the
differences between fuse_blk and fuse and how that affects
unprivileged operation. There are a few assumptions about fuse_blk
filesystem being more "well behaved", I think.

Thanks,
Miklos