git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/commit

author	Seth Forshee <seth.forshee@canonical.com>
	Thu, 26 Jun 2014 16:58:11 +0000 (11:58 -0500)
committer	Tim Gardner <tim.gardner@canonical.com>
	Mon, 20 Feb 2017 03:57:58 +0000 (20:57 -0700)
commit	d227c94cce7e160a84db96731afbc53f2297b3ac
tree	5fc397cabc362cb729eb1bdc4ad686d0dac48304	tree
parent	f23e9ac4f6133c0c5d917b1d097719e0c9e3208c	commit \| diff

UBUNTU: SAUCE: (namespace) fuse: Support fuse filesystems outside of init_user_ns

In order to support mounts from namespaces other than
init_user_ns, fuse must translate uids and gids to/from the
userns of the process servicing requests on /dev/fuse. This
patch does that, with a couple of restrictions on the namespace:

- The userns for the fuse connection is fixed to the namespace
from which /dev/fuse is opened.

- The namespace must be the same as s_user_ns.

These restrictions simplify the implementation by avoiding the
need to pass around userns references and by allowing fuse to
rely on the checks in inode_change_ok for ownership changes.
Either restriction could be relaxed in the future if needed.

For cuse the namespace used for the connection is also simply
current_user_ns() at the time /dev/cuse is opened.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

fs/fuse/cuse.c		diff \| blob \| blame \| history
fs/fuse/dev.c		diff \| blob \| blame \| history
fs/fuse/dir.c		diff \| blob \| blame \| history
fs/fuse/fuse_i.h		diff \| blob \| blame \| history
fs/fuse/inode.c		diff \| blob \| blame \| history