From: ebiederm@xmission.com (Eric W. Biederman)
To: Ian Kent
Cc: Linux Containers, linux-kernel@vger.kernel.org, Miklos Szeredi, linux-fsdevel@vger.kernel.org, Seth Forshee
References: <874lpck52r.fsf@xmission.com>
Date: Wed, 29 Nov 2017 23:21:24 -0600
In-Reply-To: (Ian Kent's message of "Thu, 30 Nov 2017 08:11:55 +0800")
Message-ID: <877eu8ibor.fsf@xmission.com>
Subject: Re: [PATCH 0/2] userns: automount cleanups

Ian Kent writes:

> On 30/11/17 08:01, Eric W. Biederman wrote:
>>
>> While reviewing some code I realized that in getting d_automount working
>> with s_user_ns I had left behind some unnecessary relics of the blind
>> path I started down. Here are two patches that remove those relics.
>>
>> Unless someone has another preference I will drop them in my userns tree
>> and merge them that way.
>
> I saw the "->s_user_ns != &init_user_ns" and wondered if that would
> trigger for automount(8) run entirely with a container (eg. docker)?

autofs still needs FS_USERNS_MOUNT before you can reach that point.

But docker does have a mode "--userns-remap" where it sets up the
containers mounts that way. I think in principle that should work and
be safe.

I don't know how robust autofs is against malicious users. Which is the
question to ask before actually adding FS_USERNS_MOUNT in struct
file_system_type.

> Anyway, it's gone now, so ACK to these two, thanks Eric.

Eric