[PATCH 2/4][DISCO] shiftfs: rework and extend
Seth Forshee
seth.forshee at canonical.com
Mon Apr 1 12:38:16 UTC 2019
On Fri, Mar 29, 2019 at 05:56:55PM -0500, Tyler Hicks wrote:
> On 2019-03-27 15:11:26, Christian Brauner wrote:
> > /* Mount Options */
> > - mark
> > When set the mark mount option indicates that the mount in question is
> > allowed to be shifted. Since shiftfs it mountable in by user namespace root
> > non-initial user namespace this mount options ensures that the system
> > administrator has decided that the marked mount is safe to be shifted.
> > To mark a mount as shiftable CAP_SYS_ADMIN in the user namespace is required.
>
> Just to make sure that I'm understanding the changes that this patch
> make to .fill_super... CAP_SYS_ADMIN is still required in the
> init_user_ns for that first mark mount, correct?
In practice this is essentially true, though strictly speaking the
requirement is CAP_SYS_ADMIN in the sb->s_user_ns of the fs over which
shiftfs is being mounted. I wanted to point this out because this means
that the ids which will be shifted can only be ones valid in that user
ns, which means that the user performing the mark mount is privileged
wrt the full set of uids/gids which can be shifted by a shiftfs mount.
Seth
>
> How does LXD plan to integrate support for shiftfs? Will it be selective
> on the mark mounts that it performs on behalf of unprivileged users?
>
> Tyler
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
More information about the kernel-team
mailing list