[patch 7/8] allow unprivileged mounts
Eric W. Biederman
ebiederm at xmission.com
Sat Apr 21 09:57:10 PDT 2007
Jan Engelhardt <jengelh at linux01.gwdg.de> writes:
> On Apr 21 2007 08:10, Eric W. Biederman wrote:
>>>
>>>> Define a new fs flag FS_SAFE, which denotes, that unprivileged
>>>> mounting of this filesystem may not constitute a security problem.
>>>>
>>>> Since most filesystems haven't been designed with unprivileged
>>>> mounting in mind, a thorough audit is needed before setting this flag.
>>>
>>> Practically speaking, is there any realistic likelihood that any filesystem
>>> apart from FUSE will ever use this?
>>
>>Also potentially some of the kernel virtual filesystems. /proc should
>>be safe already. If you don't have any kind of backing store this problem
>>gets easier.
>
> tmpfs!
tmpfs is a possible problem because it can consume lots of ram/swap. Which
is why it has limits on the amount of space it can consume. Those are set as
mount options as I recall. Which means that we would need to do something
different with respect to limits before tmpfs could become safe for
an untrusted user to mount.
Still it's close.
Eric
More information about the Containers
mailing list