From: Trond Myklebust
Subject: Re: [RFC] [PATCH 0/4] uid_ns: introduction
Date: Wed, 08 Nov 2006 09:46:10 -0800
Message-ID: <1163007970.12491.2.camel@lade.trondhjem.org>
References: <20061107041814.GA28706@sergelap.austin.ibm.com> <20061108005209.GA9566@MAIL.13thfloor.at>
To: Herbert Poetzl
Cc: "Serge E. Hallyn", Containers, linux-fsdevel@vger.kernel.org
In-Reply-To: <20061108005209.GA9566@MAIL.13thfloor.at>

On Wed, 2006-11-08 at 01:52 +0100, Herbert Poetzl wrote:
> On Mon, Nov 06, 2006 at 10:18:14PM -0600, Serge E. Hallyn wrote:
> > Cedric has previously sent out a patchset
> > (http://lists.osdl.org/pipermail/containers/2006-August/000078.html)
> > implementing the very basics of a user namespace. It ignores
> > filesystem access checks, so that uid 502 in one namespace could
> > access files belonging to uid 502 in another namespace, if the
> > containers were so set up.
> >
> > This isn't necessarily bad, since proper container setup should
> > prevent problems. However there has been concern, so here is a
> > patchset which takes one course in addressing the concern.
> >
> > It adds a user namespace pointer to every superblock, and
> > enhances fsuid equivalence checks with a (inode->i_sb->s_uid_ns ==
> > current->nsproxy->uid_ns) comparison.
>
> I don't consider that a good idea as it means that a filesystem
> (or to be precise, a superblock) can only belong to one specific
> namespace, which is not very useful for shared setups
>
> Linux-VServer provides a mechanism to do per inode (and per
> nfs mount) tagging for similar 'security' and, more importantly,
> for disk space accounting and limiting, which permits having
> different disk limits, quota and access on a shared partition
>
> i.e. I do not like it

Indeed. I discussed this with Eric at the kernel summit this summer and
explained my reservations. As far as I'm concerned, tagging superblocks
with a container label is an unacceptable hack since it completely breaks
NFS caching semantics.

Cheers,
  Trond
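The three access-check variants this thread compares, modelled in user space: the plain fsuid comparison of Cedric's original series, the per-superblock namespace comparison Serge's patchset adds, and the per-inode tagging Herbert describes from Linux-VServer. This is an added example, not code from the patchset, from Linux-VServer, or from the kernel; every struct, field and function name here is an illustrative stand-in for the kernel's, and the two-container scenario at the bottom is constructed for the demonstration.

```c
/* Added example: a user-space model of the fsuid equivalence checks
 * discussed in the thread. Not kernel code; all names are illustrative. */
#include <stdbool.h>
#include <stdio.h>

/* A user namespace; identity is the pointer, the name is only for printing. */
struct user_ns { const char *name; };

/* Superblock tagged with exactly one user namespace (the patchset's approach). */
struct sb { const char *dev; const struct user_ns *s_uid_ns; };

/* Inode: owner uid, the superblock it lives on, and an optional per-inode
 * namespace tag for the Linux-VServer-style alternative Herbert mentions. */
struct inode { unsigned i_uid; const struct sb *i_sb; const struct user_ns *i_tag; };

/* Task: its fsuid and the user namespace it currently runs in. */
struct task { unsigned fsuid; const struct user_ns *uid_ns; };

/* Variant 1: uid comparison only. uid 502 in one container matches uid 502's
 * files in another container on the same filesystem. */
static bool fsuid_eq_plain(const struct task *t, const struct inode *in)
{
    return t->fsuid == in->i_uid;
}

/* Variant 2: uid equal AND the superblock's namespace equals the caller's.
 * The whole superblock belongs to one namespace, which is Herbert's objection. */
static bool fsuid_eq_sb(const struct task *t, const struct inode *in)
{
    return t->fsuid == in->i_uid && in->i_sb->s_uid_ns == t->uid_ns;
}

/* Variant 3: uid equal AND the inode's own tag equals the caller's namespace.
 * Lets one shared partition hold files belonging to different namespaces. */
static bool fsuid_eq_inode_tag(const struct task *t, const struct inode *in)
{
    return t->fsuid == in->i_uid && in->i_tag == t->uid_ns;
}

/* Constructed scenario: two containers ns_a and ns_b, each with a uid 502
 * task, sharing one partition "sda1" whose superblock is tagged for ns_a. */
static const struct user_ns ns_a = { "ns_a" }, ns_b = { "ns_b" };
static const struct sb sda1 = { "sda1", &ns_a };
static const struct inode file_a = { 502, &sda1, &ns_a };  /* ns_a's file */
static const struct inode file_b = { 502, &sda1, &ns_b };  /* ns_b's file */
static const struct task task_a = { 502, &ns_a }, task_b = { 502, &ns_b };

/* Bitmask of (task, file) pairs a check allows:
 * bit0 task_a->file_a, bit1 task_a->file_b, bit2 task_b->file_a, bit3 task_b->file_b. */
static unsigned run_check(bool (*chk)(const struct task *, const struct inode *))
{
    unsigned m = 0;
    if (chk(&task_a, &file_a)) m |= 1u;
    if (chk(&task_a, &file_b)) m |= 2u;
    if (chk(&task_b, &file_a)) m |= 4u;
    if (chk(&task_b, &file_b)) m |= 8u;
    return m;
}

int main(void)
{
    printf("plain     : 0x%x\n", run_check(fsuid_eq_plain));     /* 0xf: full cross-namespace access */
    printf("per-sb    : 0x%x\n", run_check(fsuid_eq_sb));        /* 0x3: ns_b locked out of its own file */
    printf("per-inode : 0x%x\n", run_check(fsuid_eq_inode_tag)); /* 0x9: each namespace sees only its own */
    return 0;
}
```

The per-superblock result is the point of Herbert's objection in concrete form: because sda1 can carry only one tag, task_b cannot reach file_b even though both are ns_b's, and task_a gains access to file_b. The per-inode variant keeps the uid-collision protection the patchset wants while still allowing the shared partition.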