Re: [PATCH 1/5] fs: Verify access of user towards block device file when mounting

From: Jan Kara <jack@suse.cz>
Date: 2015-10-01 23:07:00
Also in: dm-devel, linux-fsdevel, linux-raid, lkml, selinux

On Thu 01-10-15 10:55:50, Eric W. Biederman wrote:

The goal if possible is to run things like docker without needed to be
root or even more fun to run docker in a container, and in general
enable nested containers.

Frankly at the filesystem side we are rather far from being able to safely
mount untrusted device and I don't think we'll ever be robust enough to
tolerate e.g. user changing the disk while fs is using it. So would this be
FUSE-only thing or is someone still hoping that general purpose filesystems
will be robust enough in future?

								Honza
-- 
Jan Kara [off-list ref]
SUSE Labs, CR

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help