Re: [patch 8/8] allow unprivileged fuse mounts

2007-04-22 Thread Miklos Szeredi
> > + /* > > +* For unprivileged mounts use current uid/gid. Still allow > > +* "user_id" and "group_id" options for compatibility, but > > +* only if they match these values. > > +*/ > > + if (!capable(CAP_SYS_ADMIN)) { > > + d->user_id = current->uid; > > +

Re: [patch 8/8] allow unprivileged fuse mounts

2007-04-22 Thread Miklos Szeredi
+ /* +* For unprivileged mounts use current uid/gid. Still allow +* user_id and group_id options for compatibility, but +* only if they match these values. +*/ + if (!capable(CAP_SYS_ADMIN)) { + d-user_id = current-uid; + d-user_id_present =

Re: [patch 8/8] allow unprivileged fuse mounts

2007-04-21 Thread Eric W. Biederman
Miklos Szeredi <[EMAIL PROTECTED]> writes: > From: Miklos Szeredi <[EMAIL PROTECTED]> > > Use FS_SAFE for "fuse" fs type, but not for "fuseblk". > > FUSE was designed from the beginning to be safe for unprivileged > users. This has also been verified in practice over many years. In > addition

Re: [patch 8/8] allow unprivileged fuse mounts

2007-04-21 Thread Miklos Szeredi
> > Use FS_SAFE for "fuse" fs type, but not for "fuseblk". > > > > FUSE was designed from the beginning to be safe for unprivileged > > users. This has also been verified in practice over many years. > > How does FUSE do this? > > There are obvious cases like crafting a filesystem which has

Re: [patch 8/8] allow unprivileged fuse mounts

2007-04-21 Thread Andrew Morton
On Fri, 20 Apr 2007 12:25:40 +0200 Miklos Szeredi <[EMAIL PROTECTED]> wrote: > Use FS_SAFE for "fuse" fs type, but not for "fuseblk". > > FUSE was designed from the beginning to be safe for unprivileged > users. This has also been verified in practice over many years. How does FUSE do this?

Re: [patch 8/8] allow unprivileged fuse mounts

2007-04-21 Thread Andrew Morton
On Fri, 20 Apr 2007 12:25:40 +0200 Miklos Szeredi [EMAIL PROTECTED] wrote: Use FS_SAFE for fuse fs type, but not for fuseblk. FUSE was designed from the beginning to be safe for unprivileged users. This has also been verified in practice over many years. How does FUSE do this? There are

Re: [patch 8/8] allow unprivileged fuse mounts

2007-04-21 Thread Miklos Szeredi
Use FS_SAFE for fuse fs type, but not for fuseblk. FUSE was designed from the beginning to be safe for unprivileged users. This has also been verified in practice over many years. How does FUSE do this? There are obvious cases like crafting a filesystem which has setuid

Re: [patch 8/8] allow unprivileged fuse mounts

2007-04-21 Thread Eric W. Biederman
Miklos Szeredi [EMAIL PROTECTED] writes: From: Miklos Szeredi [EMAIL PROTECTED] Use FS_SAFE for fuse fs type, but not for fuseblk. FUSE was designed from the beginning to be safe for unprivileged users. This has also been verified in practice over many years. In addition unprivileged

[patch 8/8] allow unprivileged fuse mounts

2007-04-20 Thread Miklos Szeredi
From: Miklos Szeredi <[EMAIL PROTECTED]> Use FS_SAFE for "fuse" fs type, but not for "fuseblk". FUSE was designed from the beginning to be safe for unprivileged users. This has also been verified in practice over many years. In addition unprivileged mounts require the parent mount to be owned

[patch 8/8] allow unprivileged fuse mounts

2007-04-20 Thread Miklos Szeredi
From: Miklos Szeredi [EMAIL PROTECTED] Use FS_SAFE for fuse fs type, but not for fuseblk. FUSE was designed from the beginning to be safe for unprivileged users. This has also been verified in practice over many years. In addition unprivileged mounts require the parent mount to be owned by the