Thanks for letting me know about  this discussion.
Serge is correct. By allowing this flag, an un-privileged user can mount aufs 
filesystem within the user namespace and the administrator needs to be aware of 
this. However, I am not sure about the harm in letting an unprivileged user 
mount the aufs filesystem. The file permissions cannot be violated even in a 
user namespace.

As Eric said:
"The rule with filesystems like that is mounting them needs to be no more 
dangerous than bind mounting them."

And I think, this is true for aufs filesystem. Please correct me if I am wrong.

From: sf...@users.sourceforge.net [sf...@users.sourceforge.net]
Sent: Wednesday, July 17, 2013 9:57 AM
To: Bhushan Jain; aufs-users@lists.sourceforge.net
Subject: Re: Aufs support for Linux User namespace

> Bhushan Jain:
> > Attached is a sample code that creates a user namespace and maps the un-pri=
> > vileged user to root within the namespace.=0A=
> > The user namespace can be used for sandboxing. Having aufs support within t=
> > he user namespace can help create a chroot environment where multiple direc=
> > tories are united into a single filesystem.=0A=
> Thanks for the sample code.
> Personally, user-ns is not attractive for me, at the same time I don't
> have strong objection. So I will merge your patch.

Intrestingly, very similar discussion happened on LKML.
See this and its thread.
        Date: Tue, 16 Jul 2013 14:29:20 -0500
        From: Serge Hallyn <serge.hal...@ubuntu.com>
        Subject: [PATCH RFC] allow some kernel filesystems to be mounted
                in a user namespace

The patch sets FS_USERNS_MOUNT for debugfs, fuse and securityfs.
But at the end of the thread, he wrote
        Right so the specific problem this patch introduces is:  An admin who is
        using a distro kernel with these filesystems enabled but not mounted,
        without this patch does not have to worry about unprivileged users being
        able to access the fs.  With this patch, he does.

        Thanks everyone, I withdraw this patch.

If such problem really exists, it might be better for aufs NOT to set

J. R. Okajima

See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!

Reply via email to