From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Linux FS Devel <linux-fsdevel@vger.kernel.org>,
lsf-pc@lists.linux-foundation.org,
Seth Forshee <seth.forshee@canonical.com>,
Lukasz Pawelczyk <l.pawelczyk@samsung.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Richard Weinberger <richard@nod.at>
Subject: Re: [Lsf-pc] [LSF/MM TOPIC] Filesystem namespaces and uid/gid/lsm remapping
Date: Sun, 22 Feb 2015 09:01:50 -0800 [thread overview]
Message-ID: <1424624510.2146.76.camel@HansenPartnership.com> (raw)
In-Reply-To: <CALCETrVE2F2bcv4DjLOGL+R9Rn_4HEvRjifyOu1nA+gs7VgEeg@mail.gmail.com>
On Tue, 2014-12-02 at 15:47 -0800, Andy Lutomirski wrote:
> This should hopefully be a short topic, and it's possible that it'll
> be settled by the time LSF/MM comes around, but:
>
> There's a fair amount of interest from different directions for
> allowing filesystems with a backing store to be mounted (in the
> mount-from-scratch sense, not the bind-mount sense) in a user
> namespace. For example, Seth has patches to allow unprivileged FUSE
> mounts. There are a few issues here, for example:
>
> - What happens to device nodes in those filesystems?
You have to allow device nodes in mount namespaces. However, not all
devices should be present, only the ones the owner of the namespace is
allowed to either see (read only) or control (read/write).
The specific problem for container security is allowing the user who can
write to the device also to mount it ... because that lets them inject
data known to cause a kernel crash and bring down the entire system or
worse. The current solution is simply not to allow the owner both to
write and mount, but this is becoming increasingly untenable using
loopback images with containers for cascading overlays like docker does.
James
next prev parent reply other threads:[~2015-02-22 17:01 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-02 23:47 [LSF/MM TOPIC] Filesystem namespaces and uid/gid/lsm remapping Andy Lutomirski
2014-12-03 3:37 ` Eric W. Biederman
2015-02-22 17:12 ` [Lsf-pc] " James Bottomley
2015-02-23 12:38 ` Jan Kara
2014-12-03 14:48 ` Seth Forshee
2014-12-05 18:01 ` David Howells
2014-12-08 21:59 ` Eric W. Biederman
2014-12-09 18:51 ` [Lsf-pc] " Jeff Layton
2015-02-22 16:52 ` James Bottomley
2015-02-22 23:51 ` Jeff Layton
2015-02-22 17:01 ` James Bottomley [this message]
2015-02-23 15:54 ` Andy Lutomirski
2015-02-23 16:16 ` James Bottomley
2015-03-02 22:34 ` Andy Lutomirski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1424624510.2146.76.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=ebiederm@xmission.com \
--cc=l.pawelczyk@samsung.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=lsf-pc@lists.linux-foundation.org \
--cc=luto@amacapital.net \
--cc=richard@nod.at \
--cc=seth.forshee@canonical.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).