From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andy Lutomirski Subject: [LSF/MM TOPIC] Filesystem namespaces and uid/gid/lsm remapping Date: Tue, 2 Dec 2014 15:47:04 -0800 Message-ID: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Cc: "Eric W. Biederman" , Seth Forshee , Lukasz Pawelczyk , Richard Weinberger To: Linux FS Devel , lsf-pc@lists.linux-foundation.org Return-path: Received: from mail-lb0-f176.google.com ([209.85.217.176]:47596 "EHLO mail-lb0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932722AbaLBXr0 (ORCPT ); Tue, 2 Dec 2014 18:47:26 -0500 Received: by mail-lb0-f176.google.com with SMTP id p9so11130575lbv.7 for ; Tue, 02 Dec 2014 15:47:24 -0800 (PST) Sender: linux-fsdevel-owner@vger.kernel.org List-ID: This should hopefully be a short topic, and it's possible that it'll be settled by the time LSF/MM comes around, but: There's a fair amount of interest from different directions for allowing filesystems with a backing store to be mounted (in the mount-from-scratch sense, not the bind-mount sense) in a user namespace. For example, Seth has patches to allow unprivileged FUSE mounts. There are a few issues here, for example: - What happens to device nodes in those filesystems? - If a FUSE backend is in a user namespace, how should UIDs be translated to/from that backend? - How should LSM security labels be translated? - Should a struct super_block be associated with a user namespace? (Answer: probably, I think.) If so, what should the semantics be? There are also some remapping cases that aren't directly user namespace-related. For example, I'd like to be able to insert removable media and create files owned by uid 0 (or any other uid) without actually being root. --Andy