Re: [patch 07/10] unprivileged mounts: add sysctl tunable for "safe" property

Quoting Miklos Szeredi (miklos@xxxxxxxxxx):
What do you think about doing this only if FS_SAFE is also set,
so for instance at first only FUSE would allow itself to be
made user-mountable?

A safe thing to do, or overly intrusive?

It goes somewhat against the "no policy in kernel" policy ;). I think
the warning in the documentation should be enough to make sysadmins
think twice before doing anything foolish:

Warning in which documentation? A sysadmin considering setting fs_safe
for ext2 or xfs isn't going to be looking at fuse docs, which I think is
what you're talking about. Are you going to add a file under
Documentation/filesystems?

+Care should be taken when enabling this, since most
+filesystems haven't been designed with unprivileged mounting
+in mind.
+

BTW, filesystems like 'proc' and 'sysfs' should also be safe, although
the only use for them being marked safe is if the users are allowed to
umount them from their private namespace (otherwise a 'mount --bind'
has the same effect as a new mount).

Thanks,
Miklos
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Relevant Pages