Re: [PATCH 09/11] fuse: Restrict allow_other to the superblock's namespace or a descendant

2018-02-19 Thread Eric W. Biederman
Dongsu Park writes:
> From: Seth Forshee
>
> Unprivileged users are normally restricted from mounting with the
> allow_other option by system policy, but this could be bypassed
> for a mount done with user namespace root permissions. In such
> cases allow_other should not allow users outside

Re: [PATCH 09/11] fuse: Restrict allow_other to the superblock's namespace or a descendant

2017-12-22 Thread Serge E. Hallyn
On Fri, Dec 22, 2017 at 03:32:33PM +0100, Dongsu Park wrote:
> From: Seth Forshee
>
> Unprivileged users are normally restricted from mounting with the
> allow_other option by system policy, but this could be bypassed
> for a mount done with user namespace root permissions. In such
> cases