linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Vivek Goyal <vgoyal@redhat.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Amir Goldstein <amir73il@gmail.com>,
	Djalal Harouni <tixxdz@gmail.com>, Chris Mason <clm@fb.com>,
	Theodore Tso <tytso@mit.edu>,
	Josh Triplett <josh@joshtriplett.org>,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Andy Lutomirski <luto@kernel.org>,
	Seth Forshee <seth.forshee@canonical.com>,
	linux-fsdevel <linux-fsdevel@vger.kernel.org>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	LSM List <linux-security-module@vger.kernel.org>,
	Dongsu Park <dongsu@endocode.com>,
	David Herrmann <dh.herrmann@googlemail.com>,
	Miklos Szeredi <mszeredi@redhat.com>,
	Alban Crequy <alban.crequy@gmail.com>,
	Al Viro <viro@zeniv.linux.org.uk>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	Phil Estes <estesp@gmail.com>
Subject: Re: [RFC 1/1] shiftfs: uid/gid shifting bind mount
Date: Thu, 16 Feb 2017 11:42:33 -0500	[thread overview]
Message-ID: <20170216164233.GC23490@redhat.com> (raw)
In-Reply-To: <1487260318.2944.18.camel@HansenPartnership.com>

On Thu, Feb 16, 2017 at 07:51:58AM -0800, James Bottomley wrote:

[..]
> > Two levels of checks will simplify this a bit. Top level inode will 
> > belong to the user namespace of caller and checks should pass. And 
> > mounter's creds will have ownership over the real inode so no 
> > additional namespace shifting required there.
> 
> That's the problem: for a marked mount, they don't.

In this new model it does not fit directly. 

I was playing with a slightly different approach and modified patches so
that real root still does the mounting and takes an mount option which
specifies which user namespace we want to shift into. Thanks to Eric for
the idea.

mount -t shiftfs -o userns_fd=<fd> source shifted-fs

In this case real-root is mounter and notion of using mounter's creds on
real-inode works.

This requires a user namespace to be created before shiftfs can be mounted
and then container admin should be able to bind mount shifted-fs.

In this model, intervention of real-root is still required to setup
container and shiftfs. I guess that might not satisfy your needs where
unprivileged user should be able to launch container and be able to
make use of shiftfs, IIUC.

Vivek

  reply	other threads:[~2017-02-16 16:42 UTC|newest]

Thread overview: 82+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-02-04 19:18 [RFC 0/1] shiftfs: uid/gid shifting filesystem (s_user_ns version) James Bottomley
2017-02-04 19:19 ` [RFC 1/1] shiftfs: uid/gid shifting bind mount James Bottomley
2017-02-05  7:51   ` Amir Goldstein
2017-02-06  1:18     ` James Bottomley
2017-02-06  6:59       ` Amir Goldstein
2017-02-06 14:41         ` James Bottomley
2017-02-14 23:03       ` Vivek Goyal
2017-02-14 23:45         ` James Bottomley
2017-02-15 14:17           ` Vivek Goyal
2017-02-16 15:51             ` James Bottomley
2017-02-16 16:42               ` Vivek Goyal [this message]
2017-02-16 16:58                 ` James Bottomley
2017-02-17  1:57                   ` Eric W. Biederman
2017-02-17  8:39                     ` Djalal Harouni
2017-02-17 17:19                     ` James Bottomley
2017-02-20  4:24                       ` Eric W. Biederman
2017-02-22 12:01                         ` James Bottomley
2017-02-06  3:25   ` J. R. Okajima
2017-02-06  6:38     ` Amir Goldstein
2017-02-06 16:29       ` James Bottomley
2017-02-06  6:46     ` James Bottomley
2017-02-06 14:50       ` Theodore Ts'o
2017-02-06 15:18         ` James Bottomley
2017-02-06 15:38           ` lkml
2017-02-06 17:32             ` James Bottomley
2017-02-06 21:52           ` J. Bruce Fields
2017-02-07  0:10             ` James Bottomley
2017-02-07  1:35               ` J. Bruce Fields
2017-02-07 19:01                 ` James Bottomley
2017-02-07 19:47                   ` Christoph Hellwig
2017-02-06 16:24       ` J. R. Okajima
2017-02-21  0:48         ` James Bottomley
2017-02-21  2:57           ` J. R. Okajima
2017-02-21  4:07             ` James Bottomley
2017-02-21  4:34               ` J. R. Okajima
2017-02-07  9:19   ` Christoph Hellwig
2017-02-07  9:39     ` Djalal Harouni
2017-02-07  9:53       ` Christoph Hellwig
2017-02-07 16:37     ` James Bottomley
2017-02-07 17:59       ` Amir Goldstein
2017-02-07 18:10         ` Christoph Hellwig
2017-02-07 19:02           ` James Bottomley
2017-02-07 19:49             ` Christoph Hellwig
2017-02-07 20:05               ` James Bottomley
2017-02-07 21:01                 ` Amir Goldstein
2017-02-07 22:25                   ` Christoph Hellwig
2017-02-07 23:42                     ` James Bottomley
2017-02-08  6:44                       ` Amir Goldstein
2017-02-08 11:45                         ` Konstantin Khlebnikov
2017-02-08 14:57                         ` James Bottomley
2017-02-08 15:15                         ` James Bottomley
2017-02-08  1:54               ` Josh Triplett
2017-02-08 15:22                 ` James Bottomley
2017-02-09 10:36                   ` Josh Triplett
2017-02-09 15:34                     ` James Bottomley
2017-02-13 10:15                       ` Eric W. Biederman
2017-02-15  9:33                         ` Djalal Harouni
2017-02-15  9:37                           ` Eric W. Biederman
2017-02-15 10:04                             ` Djalal Harouni
2017-02-07 18:20         ` James Bottomley
2017-02-07 19:48           ` Djalal Harouni
2017-02-15 20:34   ` Vivek Goyal
2017-02-16 15:56     ` James Bottomley
2017-02-17  2:55       ` Al Viro
2017-02-17 17:34         ` James Bottomley
2017-02-17 20:35           ` Vivek Goyal
2017-02-19  3:24             ` James Bottomley
2017-02-20 19:26               ` Vivek Goyal
2017-02-21  0:38                 ` James Bottomley
2017-02-17  2:29   ` Al Viro
2017-02-17 17:24     ` James Bottomley
2017-02-17 17:51       ` Al Viro
2017-02-17 20:27         ` Vivek Goyal
2017-02-17 20:50         ` James Bottomley
  -- strict thread matches above, loose matches on Subject: below --
2016-05-12 19:06 [RFC 0/1] shiftfs: uid/gid shifting filesystem James Bottomley
2016-05-12 19:07 ` [RFC 1/1] shiftfs: uid/gid shifting bind mount James Bottomley
2016-05-16 19:41   ` Serge Hallyn
2016-05-17  2:28     ` James Bottomley
2016-05-17  3:47       ` Serge E. Hallyn
2016-05-17 10:23         ` James Bottomley
2016-05-17 20:59           ` James Bottomley
2016-05-19  2:28             ` Serge E. Hallyn
2016-05-19 10:53               ` James Bottomley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170216164233.GC23490@redhat.com \
    --to=vgoyal@redhat.com \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=alban.crequy@gmail.com \
    --cc=amir73il@gmail.com \
    --cc=clm@fb.com \
    --cc=dh.herrmann@googlemail.com \
    --cc=dongsu@endocode.com \
    --cc=ebiederm@xmission.com \
    --cc=estesp@gmail.com \
    --cc=josh@joshtriplett.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=luto@kernel.org \
    --cc=mszeredi@redhat.com \
    --cc=serge@hallyn.com \
    --cc=seth.forshee@canonical.com \
    --cc=tixxdz@gmail.com \
    --cc=tytso@mit.edu \
    --cc=viro@zeniv.linux.org.uk \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).