Dear Aufs maintainers,

Linux kernel 3.8 has added support for user namespaces, which allow
unprivileged users to create different namespaces for sandboxing within the
user namespace. The filesystem developers need to explicitly allow mounting
their filesystem types within a user namespace. This explicit permission is
required because an overall unprivileged user of the system can be mapped to
a root user within a user namespace. Most of the Linux filesystems already
support user namespaces.

This user namespace support can be added by a small change in the file
fs/aufs/super.c to add the flag FS_USERNS_MOUNT to aufs_fs_type (shown in
bold below). Please let me know if you would like me to send a patch
including this change.

fs/aufs/super.c:

    struct file_system_type aufs_fs_type = {
        .name     = AUFS_FSTYPE,
        /* a race between rename and others */
        .fs_flags = FS_RENAME_DOES_D_MOVE | FS_USERNS_MOUNT,
        .mount    = aufs_mount,
        .kill_sb  = aufs_kill_sb,
        /* no need to __module_get() and module_put(). */
        .owner    = THIS_MODULE,
    };

Thanks,
Bhushan Jain
CS PhD candidate,
Stony Brook University
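
A simplified userspace model of the gate that FS_USERNS_MOUNT controls, added here as an illustration; it is not part of the original message, nor code from aufs or the kernel. The struct and function names are hypothetical, the flag values are assumed to match include/linux/fs.h of the 3.8 era, and the logic is modelled on the kernel's new-mount path (capability check, then the flag check, then forced nodev).

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Flag values assumed to match include/linux/fs.h of the 3.8 era. */
#define FS_USERNS_MOUNT        8      /* type may be mounted by a userns root */
#define FS_USERNS_DEV_MOUNT    16     /* device nodes stay usable on such mounts */
#define FS_RENAME_DOES_D_MOVE  32768
#define MS_NODEV               4

/* Hypothetical stand-in for struct file_system_type. */
struct fs_type_model { const char *name; int fs_flags; };

/*
 * Model of the gate a new mount passes through.
 * in_init_userns:    the caller's mount namespace is owned by the initial userns.
 * has_cap_sys_admin: the caller holds CAP_SYS_ADMIN in that owning userns.
 * Returns 0 or -EPERM; *ms_flags gains MS_NODEV where the kernel forces it.
 */
int model_new_mount(const struct fs_type_model *t, bool in_init_userns,
                    bool has_cap_sys_admin, unsigned long *ms_flags)
{
    if (!has_cap_sys_admin)
        return -EPERM;
    if (!in_init_userns) {
        /* Filesystem types must opt in explicitly. */
        if (!(t->fs_flags & FS_USERNS_MOUNT))
            return -EPERM;
        /* Opted-in types still lose device nodes unless they ask for them. */
        if (!(t->fs_flags & FS_USERNS_DEV_MOUNT))
            *ms_flags |= MS_NODEV;
    }
    return 0;
}

/* Constructed samples: aufs without the flag, and with the proposed flag. */
const struct fs_type_model aufs_current  = { "aufs", FS_RENAME_DOES_D_MOVE };
const struct fs_type_model aufs_proposed = { "aufs",
                                FS_RENAME_DOES_D_MOVE | FS_USERNS_MOUNT };

int main(void)
{
    unsigned long f = 0;
    int r1 = model_new_mount(&aufs_current, false, true, &f);
    int r2 = model_new_mount(&aufs_proposed, false, true, &f);
    printf("without flag: %d, with flag: %d, ms_flags: %lu\n", r1, r2, f);
    return 0;
}
```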