From mboxrd@z Thu Jan  1 00:00:00 1970
From: Jan Hudec <bulb@ucw.cz>
Subject: Re: [RFC][2.6 patch] Allow creation of new namespaces during mount system call
Date: Wed, 20 Apr 2005 14:48:29 +0200
Message-ID: <20050420124829.GB23518@vagabond>
References: <a4e6962a05041915132f57de3f@mail.gmail.com> <20050419222324.GM13052@parcelfarce.linux.theplanet.co.uk> <a4e6962a0504191653f6848a6@mail.gmail.com> <20050420033304.GO13052@parcelfarce.linux.theplanet.co.uk> <20050420094558.GB10167@mail.shareable.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="IpbVkmxF4tDyP/Kb"
Cc: Al Viro <viro@parcelfarce.linux.theplanet.co.uk>,
	Eric Van Hensbergen <ericvh@gmail.com>,
	linux-fsdevel@vger.kernel.org
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from cimice4.lam.cz ([212.71.168.94]:32712 "EHLO vagabond.light.src")
	by vger.kernel.org with ESMTP id S261535AbVDTMtI (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Wed, 20 Apr 2005 08:49:08 -0400
To: Jamie Lokier <jamie@shareable.org>
Content-Disposition: inline
In-Reply-To: <20050420094558.GB10167@mail.shareable.org>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org


--IpbVkmxF4tDyP/Kb
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 20, 2005 at 10:45:58 +0100, Jamie Lokier wrote:
> Al Viro wrote:
> > Most of the code is already there - do_fork() has to do such stuff anyw=
ay.
> > So how about adding sys_unshare(flags) that would do that job?  Flags w=
ould
> > correspond to those of clone(2), except that all these guys would be
> > "what do we unshare" instead of "what do we leave shared".
>=20
> That would let a program split off into its own namespace, but that's
> not really what's needed for FUSE.
>=20
> For FUSE, what's needed is that a user can mount something, and the
> mounted fs is visible only to that user, but it's visible to _all_ of
> the user's processes.

Including root's su to that user...
Keeping information in a process group is the *only* way to actually
lock out root. That is, except some kind of keyring in kernel.

---------------------------------------------------------------------------=
----
						 Jan 'Bulb' Hudec <bulb@ucw.cz>

--IpbVkmxF4tDyP/Kb
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCZk+dRel1vVwhjGURAsESAKDqbsROr/im030+wPyhkfvdNSPoogCdFZu0
gvR5rd2dW7gZJZS2hAHl4DI=
=J91f
-----END PGP SIGNATURE-----

--IpbVkmxF4tDyP/Kb--