From: Ram <linuxram@us.ibm.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: jamie@shareable.org, viro@parcelfarce.linux.theplanet.co.uk,
hch@infradead.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, Andrew Morton <akpm@osdl.org>
Subject: Re: [PATCH] private mounts
Date: Sun, 24 Apr 2005 23:41:42 -0700 [thread overview]
Message-ID: <1114411302.4480.70.camel@localhost> (raw)
In-Reply-To: <E1DPwdo-0006xF-00@dorka.pomaz.szeredi.hu>
On Sun, 2005-04-24 at 23:00, Miklos Szeredi wrote:
> > >
> > > ... is the same as for the same question with "set of mounts" replaced
> > > with "environment variables".
> >
> > Not quite.
> >
> > After changing environment variables in .profile, you can copy them to
> > other shells using ". ~/.profile".
> >
> > There is no analogous mechanism to copy namespaces.
> >
> > I agree with you that Miklos' patch is not the right way to do it.
>
> I'm not sure that it is either. But, see bellow...
>
> > Much better is the proposal to make namespaces first-class objects,
> > that can be switched to. Then users can choose to have themselves a
> > namespace containing their private mounts, if they want it, with
> > login/libpam or even a program run from .profile switching into it.
>
> It would be good if it could be done just in libpam. But that would
> require every libpam user to call into it after the fork() or
> whatever, so unshare() and join_namespace() don't mess up the server
> running environment.
>
> If not, then it would mean modifying numerous programs, having these
> modifications integrated, then having distributions pick up the
> changes, etc. I would imagine quite a long cycle for this to be
> acutally useful.
>
> > While users can be allowed to create their own namespaces which affect
> > the path traversal of their _own_ directories, it's important that the
> > existence of such namespaces cannot affect path traversal of other
> > directories such as /etc, or /autofs/whatever - and that creation of
> > namespaces by a user cannot prevent the unmounting of a non-user
> > filesystem either.
> >
> > The way to do that is shared subtrees, or something along those lines.
>
> Yes, but we would be achieving essentially the same as my patch, just
> with more complexity. And my patch achieves what FUSE does in 2 lines
> of code, namely hide the mount from other users by returning -EACCESS
> in case fsuid does not mach the mount owner.
>
I have not yet sure how invisible mount can be used to solve the FUSE
problem.
Again my understanding of the basic requirement of FUSE is:
1. A user being able to setup his own VFS-mount environment which
is only visible to the user.
2. The same user being able to see exactly the same VFS-mount
environment from any login session.
RP
> I aggree that your solution is more flexible, but it's also hugely
> more complex. If somebody want's to implement it, fine. But don't
> expect me to do it, unless some company hires my for fs development
> (hint, hint ;)
>
> Thanks,
> Miklos
> -
> To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2005-04-25 6:41 UTC|newest]
Thread overview: 187+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-04-24 20:08 [PATCH] private mounts Miklos Szeredi
2005-04-24 20:13 ` Al Viro
2005-04-24 20:45 ` Miklos Szeredi
2005-04-24 20:18 ` Christoph Hellwig
2005-04-24 20:50 ` Miklos Szeredi
2005-04-24 20:54 ` Al Viro
2005-04-24 20:59 ` Miklos Szeredi
2005-04-24 21:06 ` Al Viro
2005-04-24 21:15 ` Miklos Szeredi
2005-04-24 21:19 ` Al Viro
2005-04-24 21:29 ` Miklos Szeredi
2005-04-24 21:39 ` Jamie Lokier
2005-04-25 7:10 ` Jan Hudec
2005-04-25 9:58 ` Miklos Szeredi
2005-04-25 11:45 ` Jan Hudec
2005-04-30 8:35 ` Christoph Hellwig
2005-04-30 9:25 ` Miklos Szeredi
2005-04-30 9:42 ` Jamie Lokier
2005-04-30 10:14 ` Miklos Szeredi
2005-04-30 14:36 ` Jamie Lokier
2005-04-30 15:59 ` Miklos Szeredi
2005-04-30 16:42 ` Jamie Lokier
2005-04-30 17:07 ` Miklos Szeredi
2005-04-30 18:20 ` Olivier Galibert
2005-04-30 23:58 ` Jamie Lokier
2005-05-01 2:39 ` Ram
2005-04-30 23:54 ` Jamie Lokier
2005-05-01 5:56 ` Miklos Szeredi
2005-05-01 6:39 ` Miklos Szeredi
2005-05-01 15:41 ` Eric Van Hensbergen
2005-05-11 9:00 ` Christoph Hellwig
2005-05-11 10:42 ` Miklos Szeredi
2005-04-24 21:43 ` Jamie Lokier
2005-04-24 22:06 ` maciek
2005-04-25 7:14 ` Jan Hudec
2005-04-27 9:14 ` Helge Hafting
2005-04-25 9:48 ` Olivier Galibert
2005-04-25 16:37 ` Tim Hockin
2005-04-30 8:37 ` Christoph Hellwig
2005-04-25 21:09 ` Bryan Henderson
2005-04-26 13:46 ` filesystem transactions API Ville Herva
2005-04-26 14:14 ` Jamie Lokier
2005-04-26 14:22 ` Artem B. Bityuckiy
2005-04-26 14:32 ` Jamie Lokier
2005-04-26 14:46 ` Artem B. Bityuckiy
2005-04-26 15:19 ` Jamie Lokier
2005-04-26 15:01 ` John Stoffel
2005-04-26 15:12 ` Lars Marowsky-Bree
2005-04-26 15:12 ` Lars Marowsky-Bree
2005-04-26 15:19 ` Trond Myklebust
2005-04-26 15:29 ` Ritesh Kumar
2005-04-26 15:50 ` Jamie Lokier
2005-04-26 16:44 ` Trond Myklebust
2005-04-26 22:44 ` Bryan Henderson
2005-04-26 15:47 ` Jamie Lokier
2005-04-26 15:51 ` Artem B. Bityuckiy
2005-04-26 15:56 ` Jamie Lokier
2005-04-26 16:01 ` Artem B. Bityuckiy
2005-04-27 9:14 ` Jan Hudec
2005-04-27 10:58 ` Bernd Eckenfels
2005-04-26 15:24 ` Jamie Lokier
2005-04-26 17:22 ` Diego Calleja
2005-04-26 17:22 ` Diego Calleja
2005-04-26 17:38 ` Jamie Lokier
2005-04-27 9:34 ` Jan Hudec
2005-04-27 13:43 ` Ville Herva
2005-04-27 15:17 ` Jamie Lokier
2005-04-27 16:58 ` Bernd Eckenfels
2005-04-26 15:40 ` Charles P. Wright
2005-04-26 16:07 ` Artem B. Bityuckiy
2005-04-26 17:22 ` Charles P. Wright
2005-04-27 9:37 ` Lars Marowsky-Bree
2005-04-27 9:37 ` Lars Marowsky-Bree
2005-04-27 13:36 ` Andi Kleen
2005-04-26 14:25 ` Trond Myklebust
2005-04-26 16:22 ` Erik Hensema
2005-04-24 21:38 ` [PATCH] private mounts Jamie Lokier
2005-04-24 22:20 ` Ram
2005-04-24 22:22 ` Jamie Lokier
2005-04-25 6:00 ` Miklos Szeredi
2005-04-25 6:41 ` Ram [this message]
2005-04-25 9:55 ` Miklos Szeredi
2005-04-25 7:22 ` Jan Hudec
2005-04-25 10:08 ` Miklos Szeredi
2005-04-25 15:20 ` Pavel Machek
2005-04-25 19:07 ` Jamie Lokier
2005-04-26 9:29 ` Pavel Machek
2005-04-26 14:07 ` Jamie Lokier
2005-04-28 13:28 ` Eric Van Hensbergen
2005-04-28 19:22 ` Jamie Lokier
2005-04-28 13:47 ` Eric Van Hensbergen
2005-04-28 19:20 ` Jamie Lokier
2005-04-28 19:39 ` Ram
2005-04-28 22:08 ` Jamie Lokier
2005-04-29 7:57 ` Ram
2005-04-29 14:13 ` Miklos Szeredi
2005-04-29 14:42 ` Jamie Lokier
2005-04-29 14:50 ` Question about current->namespace and check_mnt() Jamie Lokier
2005-04-30 8:33 ` [PATCH] private mounts Christoph Hellwig
2005-04-30 16:47 ` Ram
2005-04-24 21:06 ` Christoph Hellwig
2005-04-24 21:12 ` Jamie Lokier
-- strict thread matches above, loose matches on Subject: below --
2005-04-25 10:49 Heikki Orsila
[not found] <3WVU1-2GE-7@gated-at.bofh.it>
[not found] ` <3WWn1-2ZC-5@gated-at.bofh.it>
[not found] ` <3WWn1-2ZC-3@gated-at.bofh.it>
[not found] ` <3WWwR-3hT-35@gated-at.bofh.it>
[not found] ` <3WWwU-3hT-49@gated-at.bofh.it>
[not found] ` <3WWGj-3nm-3@gated-at.bofh.it>
[not found] ` <3WWQ9-3uA-15@gated-at.bofh.it>
[not found] ` <3WWZG-3AC-7@gated-at.bofh.it>
[not found] ` <3X630-2qD-21@gated-at.bofh.it>
[not found] ` <3X8HA-4IH-15@gated-at.bofh.it>
[not found] ` <3Xagd-5Wb-1@gated-at.bofh.it>
2005-04-25 15:17 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-04-25 16:18 ` Ram
2005-04-25 19:10 ` Jamie Lokier
2005-04-26 9:16 ` Miklos Szeredi
2005-04-26 9:19 ` Christoph Hellwig
2005-04-26 9:22 ` Miklos Szeredi
2005-04-26 9:36 ` Christoph Hellwig
2005-04-26 9:41 ` Miklos Szeredi
2005-04-26 9:47 ` Christoph Hellwig
2005-04-26 9:53 ` Miklos Szeredi
2005-04-26 9:56 ` Christoph Hellwig
2005-04-26 10:01 ` Miklos Szeredi
2005-04-26 10:09 ` Christoph Hellwig
2005-04-26 12:08 ` Miklos Szeredi
2005-04-26 10:02 ` Christoph Hellwig
2005-04-26 13:19 ` Pavel Machek
2005-04-26 13:28 ` Miklos Szeredi
2005-04-26 20:14 ` Pavel Machek
2005-04-27 8:49 ` Miklos Szeredi
2005-04-27 9:24 ` Pavel Machek
2005-04-27 10:42 ` Miklos Szeredi
2005-04-27 11:57 ` Jan Hudec
2005-04-27 12:23 ` Miklos Szeredi
2005-04-27 12:39 ` Jan Hudec
2005-04-27 13:22 ` Miklos Szeredi
2005-04-27 14:40 ` Jamie Lokier
2005-04-27 14:58 ` Pavel Machek
2005-04-27 23:21 ` Trond Myklebust
2005-04-28 8:24 ` Pavel Machek
2005-04-28 8:28 ` Miklos Szeredi
2005-04-28 11:35 ` Trond Myklebust
2005-04-28 17:58 ` Bryan Henderson
2005-04-28 19:46 ` Trond Myklebust
2005-04-28 22:38 ` Bryan Henderson
2005-04-29 0:35 ` Trond Myklebust
2005-04-27 14:31 ` Jamie Lokier
2005-04-27 14:46 ` Miklos Szeredi
2005-04-27 14:55 ` Miklos Szeredi
2005-04-27 15:33 ` Martin Mares
2005-04-27 15:50 ` Lars Marowsky-Bree
2005-04-27 15:50 ` Lars Marowsky-Bree
2005-04-27 16:46 ` Martin Mares
2005-04-27 17:38 ` Miklos Szeredi
2005-04-27 17:54 ` Martin Mares
2005-04-27 18:05 ` Miklos Szeredi
2005-04-27 18:25 ` Martin Mares
2005-04-27 18:42 ` Miklos Szeredi
2005-04-28 13:08 ` Pavel Machek
2005-04-28 19:41 ` Miklos Szeredi
2005-04-28 20:21 ` Pavel Machek
2005-04-27 17:33 ` Miklos Szeredi
2005-04-27 17:39 ` Ram
2005-04-27 17:47 ` Miklos Szeredi
2005-04-27 17:55 ` Ram
2005-04-27 18:09 ` Miklos Szeredi
2005-04-27 19:40 ` Ram
2005-04-27 20:03 ` Miklos Szeredi
2005-04-27 21:38 ` Ram
2005-04-28 7:00 ` Miklos Szeredi
2005-04-28 19:30 ` Ram
2005-04-27 20:55 ` Bill Davidsen
2005-04-28 7:24 ` Miklos Szeredi
[not found] ` <20050427174641.GZ4431@marowsky-bree.de>
2005-04-27 17:52 ` Miklos Szeredi
2005-04-26 10:00 ` Andrew Morton
2005-04-26 10:04 ` Christoph Hellwig
2005-04-26 10:14 ` Andrew Morton
2005-04-26 10:38 ` Christoph Hellwig
2005-04-26 13:05 ` Eric Van Hensbergen
2005-04-26 14:14 ` Miklos Szeredi
2005-04-26 15:01 ` Eric Van Hensbergen
2005-04-26 18:55 ` Bryan Henderson
2005-04-26 9:30 ` Martin Mares
2005-04-25 19:02 ` Bryan Henderson
2005-04-26 8:58 ` Jan Hudec
2005-04-26 11:48 ` Bodo Eggert
2005-04-26 17:10 ` Bryan Henderson
2005-04-26 20:08 ` Bodo Eggert
2005-04-26 22:07 ` Bryan Henderson
2005-04-27 8:18 ` Bodo Eggert
2005-04-25 19:03 ` Jamie Lokier
2005-04-26 9:05 ` Jan Hudec
2005-04-26 11:46 ` Bodo Eggert
2005-05-10 18:28 Nir Tzachar
2005-05-10 19:15 ` Jan Hudec
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1114411302.4480.70.camel@localhost \
--to=linuxram@us.ibm.com \
--cc=akpm@osdl.org \
--cc=hch@infradead.org \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.