From: Eric Van Hensbergen <ericvh@gmail.com>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: jamie@shareable.org, dan@debian.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
hch@infradead.org, akpm@osdl.org,
viro@parcelfarce.linux.theplanet.co.uk
Subject: Re: [RFC] FUSE permission modell (Was: fuse review bits)
Date: Sun, 17 Apr 2005 12:45:48 -0500 [thread overview]
Message-ID: <a4e6962a05041710451d74f037@mail.gmail.com> (raw)
In-Reply-To: <E1DLEby-00013d-00@dorka.pomaz.szeredi.hu>
On 4/12/05, Miklos Szeredi <miklos@szeredi.hu> wrote:
> > I think that would be _much_ nicer implemented as a mount which is
> > invisible to other users, rather than one which causes the admin's
> > scripts to spew error messages.
>>
> > Is the namespace mechanism at all suitable for that?
>
> It is certainly the right tool for this. However currently private
> namespaces are quite limited. The only sane usage I can think of is
> that before mounting the user starts a shell with CLONE_NS, and does
> the mount in this. However all the other programs he already has
> running (editor, browser, desktop environment) won't be able to access
> the mount.
>
I'd like to second that I think private-namespaces are the right way
to solve this sort of problem. It also helps not cluttering the
global namespace with user-local mounts
>
> Shared subtrees and more support in userspace tools is needed before
> private namespaces can become really useful.
>
I'd like to talk about this a bit more and start driving to a solution
here. I've been looking at the namespace code quite a bit and was
just about to dive in and start checking into adding/fixing certain
aspects such as stackable namespaces, optional inheritence (changes in
a parent namespace are reflected in the child but not vice-versa),
etc.
One aspect I was thinking about here was a mount flag that would give
you a new private namespace (if you didn't already have one) for the
mount (and I guess that would impact any subsequent mounts from the
user in that shell). Another option would be a 'newns' style
system-call, but I'm generally against adding new system calls.
Shared subtrees are a tricky one. I know how we would handle it in
V9FS, but not sure how well that would translate to others
(essentially we'd re-export the subtree so other user's could mount it
individually -- but that's a very Plan 9 solution and may not be what
more UNIX-minded folks would want -- we also need to improve our own
server infrastructure to more efficiently support such a re-export).
So, to sum up I think private namespaces is the right solution, and
I'd rather put effort into making it more useful than work-around the
fact that its not practical right now.
-eric
next prev parent reply other threads:[~2005-04-17 17:46 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-03-18 17:33 [PATCH] FUSE: fix busy inodes after unmount Miklos Szeredi
2005-03-20 16:15 ` fuse is cool and robust bert hubert
2005-03-20 21:55 ` Jan Engelhardt
2005-03-21 6:52 ` bert hubert
2005-03-20 23:12 ` Andrew Morton
[not found] ` <20050321073519.GA13879@outpost.ds9a.nl>
[not found] ` <20050323083347.GA1807@infradead.org>
[not found] ` <E1DE2D1-0005Ie-00@dorka.pomaz.szeredi.hu>
[not found] ` <20050325095838.GA9471@infradead.org>
[not found] ` <E1DEmYC-0008Qg-00@dorka.pomaz.szeredi.hu>
[not found] ` <20050331112427.GA15034@infradead.org>
[not found] ` <E1DH13O-000400-00@dorka.pomaz.szeredi.hu>
[not found] ` <20050331200502.GA24589@infradead.org>
[not found] ` <E1DJsH6-0004nv-00@dorka.pomaz.szeredi.hu>
[not found] ` <20050411114728.GA13128@infradead.org>
2005-04-11 14:43 ` [RFC] FUSE permission modell (Was: fuse review bits) Miklos Szeredi
2005-04-11 15:36 ` Daniel Jacobowitz
2005-04-11 15:56 ` Miklos Szeredi
2005-04-11 18:17 ` Daniel Jacobowitz
2005-04-11 19:10 ` Miklos Szeredi
2005-04-11 19:22 ` Daniel Jacobowitz
2005-04-11 19:56 ` Miklos Szeredi
2005-04-11 21:41 ` Jamie Lokier
2005-04-12 6:10 ` Miklos Szeredi
2005-04-12 14:33 ` Jamie Lokier
2005-04-12 15:13 ` Miklos Szeredi
2005-04-12 16:03 ` Miklos Szeredi
2005-04-12 15:16 ` Frank Sorenson
2005-04-12 15:56 ` Jamie Lokier
2005-04-17 17:45 ` Eric Van Hensbergen [this message]
2005-04-17 18:06 ` Jamie Lokier
2005-04-12 20:36 ` Anton Altaparmakov
2005-04-11 22:13 ` Daniel Jacobowitz
2005-04-12 6:27 ` Miklos Szeredi
2005-04-12 14:32 ` Jamie Lokier
2005-04-12 14:59 ` Miklos Szeredi
2005-04-12 16:13 ` Jamie Lokier
2005-04-12 16:37 ` Miklos Szeredi
2005-04-12 16:45 ` Jamie Lokier
2005-04-12 16:52 ` Miklos Szeredi
2005-04-12 17:14 ` Jamie Lokier
2005-04-12 19:10 ` Miklos Szeredi
2005-04-12 16:42 ` Jan Hudec
2005-04-11 19:43 ` Yaroslav Rastrigin
2005-04-12 8:06 ` Jan Hudec
2005-04-11 18:22 ` Jamie Lokier
2005-04-11 18:27 ` Daniel Jacobowitz
2005-04-11 19:38 ` Miklos Szeredi
2005-04-17 18:01 ` Eric Van Hensbergen
2005-04-17 18:45 ` Miklos Szeredi
2005-04-17 19:57 ` Eric Van Hensbergen
[not found] <3S8oM-So-11@gated-at.bofh.it>
[not found] ` <3S8oM-So-13@gated-at.bofh.it>
[not found] ` <3S8oN-So-15@gated-at.bofh.it>
[not found] ` <3S8oN-So-17@gated-at.bofh.it>
[not found] ` <3S8oN-So-19@gated-at.bofh.it>
[not found] ` <3S8oN-So-21@gated-at.bofh.it>
[not found] ` <3S8oN-So-23@gated-at.bofh.it>
[not found] ` <3S8oN-So-25@gated-at.bofh.it>
[not found] ` <3S8oN-So-27@gated-at.bofh.it>
[not found] ` <3S8oM-So-7@gated-at.bofh.it>
[not found] ` <3SbPN-3T4-19@gated-at.bofh.it>
2005-04-12 9:17 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-04-12 9:17 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-04-12 14:45 ` Jamie Lokier
2005-04-12 14:45 ` Jamie Lokier
2005-04-12 15:19 ` Miklos Szeredi
2005-04-12 16:04 ` Jamie Lokier
2005-04-12 16:31 ` Miklos Szeredi
2005-04-12 16:44 ` Jamie Lokier
2005-04-12 16:55 ` Miklos Szeredi
2005-04-12 17:13 ` Jamie Lokier
2005-04-12 19:08 ` Miklos Szeredi
2005-04-13 12:56 ` Jan Hudec
2005-04-13 15:08 ` Miklos Szeredi
2005-04-13 16:13 ` Jamie Lokier
2005-04-13 16:47 ` Miklos Szeredi
2005-04-13 16:57 ` Jamie Lokier
2005-04-13 15:58 ` Jamie Lokier
2005-04-12 20:19 ` Anton Altaparmakov
2005-04-12 21:52 ` Jamie Lokier
2005-04-13 9:14 ` Miklos Szeredi
2005-04-13 12:59 ` Jan Hudec
2005-04-13 17:02 ` Jamie Lokier
2005-04-13 17:29 ` Miklos Szeredi
2005-04-13 18:36 ` Jamie Lokier
2005-04-13 19:16 ` Miklos Szeredi
[not found] ` <3S9b7-1yl-1@gated-at.bofh.it>
[not found] ` <3S9uB-1Lj-3@gated-at.bofh.it>
[not found] ` <3SbG5-3Mb-41@gated-at.bofh.it>
[not found] ` <3ScC1-4zl-1@gated-at.bofh.it>
[not found] ` <3ScLO-4GA-9@gated-at.bofh.it>
[not found] ` <3SdeV-54h-21@gated-at.bofh.it>
[not found] ` <3SeXf-6BK-21@gated-at.bofh.it>
[not found] ` <E1DLKOd-0001Nd-MG@be1.7eggert.dyndns.org>
2005-04-12 14:37 ` Jamie Lokier
2005-04-12 19:51 ` Bodo Eggert
[not found] ` <3UmnD-6Fy-7@gated-at.bofh.it>
2005-04-17 23:52 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
2005-04-19 11:57 ` Eric Van Hensbergen
2005-04-19 15:01 ` Bodo Eggert
2005-04-19 15:21 ` Miklos Szeredi
2005-04-19 15:26 ` Eric Van Hensbergen
2005-04-19 16:02 ` Bodo Eggert
2005-04-19 19:29 ` Eric Van Hensbergen
2005-04-20 3:59 ` Mike Waychison
2005-04-20 7:09 ` Miklos Szeredi
[not found] <3UrQt-2Js-3@gated-at.bofh.it>
[not found] ` <3SpIW-6UA-17@gated-at.bofh.it>
[not found] ` <3SpIW-6UA-19@gated-at.bofh.it>
[not found] ` <3SpIW-6UA-21@gated-at.bofh.it>
[not found] ` <3UrQt-2Js-5@gated-at.bofh.it>
[not found] ` <3UrQt-2Js-1@gated-at.bofh.it>
[not found] ` <3UZyS-55i-39@gated-at.bofh.it>
[not found] ` <3V2wG-7HR-19@gated-at.bofh.it>
[not found] ` <3V2PX-7Vh-23@gated-at.bofh.it>
[not found] ` <3V6Ae-2Ce-17@gated-at.bofh.it>
[not found] ` <3V6JW-2K9-49@gated-at.bofh.it>
[not found] ` <3VeHl-NF-3@gated-at.bofh.it>
2005-04-20 19:52 ` Bodo Eggert <harvested.in.lkml@posting.7eggert.dyndns.org>
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=a4e6962a05041710451d74f037@mail.gmail.com \
--to=ericvh@gmail.com \
--cc=akpm@osdl.org \
--cc=dan@debian.org \
--cc=hch@infradead.org \
--cc=jamie@shareable.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=miklos@szeredi.hu \
--cc=viro@parcelfarce.linux.theplanet.co.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.