[PATCH review 0/11] General unprivileged mount support

[Eric W. Biederman]

James Bottomley <James.Bottomley at HansenPartnership.com> writes:

> The point here is, this patch set is simply mechanism; it requires a
> glue layer (like shiftfs, fuse or the vfs remapping proposal) to
> activate it.

Well ext4 can be used directly and Seth has basic patches for that
support.  The modifications needed are quite modest.  The problem with
ext4 is that a malicious ext4 filesystem image might be able to do
something nasty to the kernel.  How to create a maintainable high
performance filesystem that can guard against malicious filesystem
images is an open problem right now.  Which makes ext4 a poor target
for unprivileged mounts.

Fuse is a good target because guarding against malicious input from
userspace is part of it's orginial design.

The new novel mechanism is handling INVALID_UID and INVALID_GID at the
VFS layer so that filesystems who have translations in play (which
will be anything not mounted by the global root) won't have to get
all of the weird corner cases right on their own.

To that end I will be very interested to see what shiftfs looks like on
top of all of this.

Eric