From: Serge Hallyn <serge.hallyn@ubuntu.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: linux-kernel@vger.kernel.org
Subject: [PATCH RFC] allow some kernel filesystems to be mounted in a user namespace
Date: Tue, 16 Jul 2013 14:29:20 -0500
Message-ID: <20130716192920.GA8980@sergelap>
All the files will be owned by host root, so there's no security
concern in allowing this.
(These are mounted by default by mountall, and if permission is
denied then by default container boot will hang)
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
---
fs/debugfs/inode.c | 1 +
fs/fuse/control.c | 1 +
security/inode.c | 1 +
3 files changed, 3 insertions(+)
diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
index 4888cb3..8632432 100644
--- a/fs/debugfs/inode.c
+++ b/fs/debugfs/inode.c
@@ -298,6 +298,7 @@ static struct file_system_type debug_fs_type = {
.name = "debugfs",
.mount = debug_mount,
.kill_sb = kill_litter_super,
+ .fs_flags = FS_USERNS_MOUNT,
};
MODULE_ALIAS_FS("debugfs");
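Review bot: the added `.fs_flags = FS_USERNS_MOUNT,` in debug_fs_type is justified in the commit message only by file ownership, which does not cover files whose mode bits grant access to users other than the owner, nor any mount data that debug_mount accepts from the caller. Suggest that the commit message state how both cases were checked for debugfs, or that the mount be gated on a stricter check if either turns out to be open.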
diff --git a/fs/fuse/control.c b/fs/fuse/control.c
index a0b0855..4991441 100644
--- a/fs/fuse/control.c
+++ b/fs/fuse/control.c
@@ -340,6 +340,7 @@ static struct file_system_type fuse_ctl_fs_type = {
.name = "fusectl",
.mount = fuse_ctl_mount,
.kill_sb = fuse_ctl_kill_sb,
+ .fs_flags = FS_USERNS_MOUNT,
};
MODULE_ALIAS_FS("fusectl");
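Review bot: the new `.fs_flags = FS_USERNS_MOUNT,` in fuse_ctl_fs_type lacks a justification specific to fusectl. The commit message asserts that all files are owned by host root, but nothing in this hunk shows how fuse_ctl_mount assigns ownership of the control files it creates. Suggest confirming this in the commit message, naming the function that sets the owner, so the claim can be checked during review.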
diff --git a/security/inode.c b/security/inode.c
index 43ce6e1..ec18abd 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -49,6 +49,7 @@ static struct file_system_type fs_type = {
.name = "securityfs",
.mount = get_sb,
.kill_sb = kill_litter_super,
+ .fs_flags = FS_USERNS_MOUNT,
};
/**
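Review bot: this one-line change to fs_type in security/inode.c makes securityfs the third subsystem touched by a single commit (fs/debugfs, fs/fuse, security), each of which would normally be acked separately. Suggest splitting into one patch per filesystem and adding a commit-message paragraph on why securityfs in particular is safe to mount from a non-initial user namespace, since the rationale given is generic to all three.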
--
1.8.3.2