genuinetools / img

Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder.
https://blog.jessfraz.com/post/building-container-images-securely-on-kubernetes/
MIT License

[overlay]: enable no privileges #22

Closed jessfraz closed 6 years ago

jessfraz commented 6 years ago

requires this Ubuntu kernel patch http://kernel.ubuntu.com/git/ubuntu/ubuntu-artful.git/commit/fs/overlayfs?h=Ubuntu-4.13.0-25.29&id=0a414bdc3d01f3b61ed86cfe3ce8b63a9240eba7

cyphar commented 6 years ago

Eric Biederman has been working recently on getting unprivileged FUSE working. The hope is that this could lead to unprivileged overlay (and other filesystems) as well in upstream kernels. We'll see how that goes though (some Ubuntu folks tried this a while ago and it didn't get merged last time).

AkihiroSuda commented 6 years ago

Do you know why the Ubuntu patch was rejected? Can we resubmit with a /proc/sys/unprivileged_userns_overlayfs knob?

cyphar commented 6 years ago

> Do you know why the Ubuntu patch was rejected?

The maintainer called the patch "very brave". Effectively the concern is that the permission checks for the copy-up logic or other similar features of overlayfs could cause severe security problems. Luckily the concern isn't as major as for other filesystems (the only user-provided data is the option string, as opposed to an entire block device).

> Can we resubmit with a /proc/sys/unprivileged_userns_overlayfs knob?

I wouldn't really put money on it, as Eric would probably prefer that we just make overlayfs safe rather than have a knob to enable (potential) root exploits.
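The question behind the whole thread is simply "does this kernel let a non-root user mount overlayfs inside a user namespace?", whether via the Ubuntu patch linked at the top or via anything upstream. The script below is an added example for this thread, not code from img or from any participant; it makes two assumptions that are not stated in the thread: that util-linux `unshare` and `mount` are available, and (from later mainline kernels) that upstream allows such mounts from 5.11 onward when the `userxattr` mount option is given. The Ubuntu patch discussed above predates that option, so the live probe tries the mount both with and without `userxattr`, and the version heuristic is only a hint.

```shell
#!/bin/sh
# Probe whether the running kernel lets an unprivileged user mount overlayfs
# from inside a user namespace. Example added to this thread; it is not part
# of img. Requires util-linux unshare(1) and mount(8).

# Version hint only. ASSUMPTION (from later upstream kernels, not from this
# thread): mainline allows unprivileged overlay mounts since 5.11, with the
# "userxattr" mount option. Kernels carrying the Ubuntu patch discussed above
# predate that, so the live probe below is the authoritative check.
overlay_userns_expected() {
    # $1 = kernel release string, e.g. "5.15.0-91-generic"
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    minor=${minor%%[!0-9]*}   # drop "-rc1", "-generic" and similar suffixes
    [ "$major" -gt 5 ] 2>/dev/null && return 0
    [ "$major" -eq 5 ] 2>/dev/null && [ "$minor" -ge 11 ] 2>/dev/null && return 0
    return 1
}

# Live probe. Prints one of: supported | denied | no-userns | no-tools and
# returns 0 only for "supported". The mount is attempted in a throwaway user
# plus mount namespace, so nothing stays mounted on the host afterwards.
probe_unpriv_overlay() {
    command -v unshare >/dev/null 2>&1 || { echo no-tools; return 3; }
    tmp=$(mktemp -d) || { echo no-tools; return 3; }
    mkdir -p "$tmp/lower" "$tmp/upper" "$tmp/work" "$tmp/merged"
    echo lower > "$tmp/lower/f"

    # Step 1: can we get a user namespace with a private mount namespace at all?
    if ! unshare -Urm true 2>/dev/null; then
        rm -rf "$tmp"; echo no-userns; return 2
    fi

    # Step 2: inside the namespace (uid mapped to root), try the overlay
    # mount, first with the upstream-style userxattr option, then without it
    # for kernels carrying an out-of-tree patch that predates the option.
    for extra in ",userxattr" ""; do
        rc=0
        out=$(unshare -Urm sh -c '
            mount -t overlay overlay \
                -o "lowerdir=$1/lower,upperdir=$1/upper,workdir=$1/work$2" \
                "$1/merged" 2>&1 && cat "$1/merged/f"
        ' sh "$tmp" "$extra" 2>&1) || rc=$?
        if [ "$rc" -eq 0 ] && [ "$out" = "lower" ]; then
            rm -rf "$tmp"; echo supported; return 0
        fi
    done
    rm -rf "$tmp"
    echo denied
    return 1
}

kernel=$(uname -r)
if overlay_userns_expected "$kernel"; then
    hint="expected from version (>= 5.11)"
else
    hint="not expected from version alone"
fi
echo "kernel $kernel: unprivileged overlay $hint"
result=$(probe_unpriv_overlay) || true
echo "live probe: $result"
```

A `denied` result on a kernel that the version hint says should work usually means user namespaces are present but overlay mounts from them are not, e.g. a distro sysctl or the mount options in use (metacopy or redirect_dir are refused for unprivileged mounts); `no-userns` means the probe could not even create the namespace, which is the common case on hosts with unprivileged user namespaces disabled.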

AkihiroSuda commented 6 years ago

Thanks for the info.

Also, starting with v0.7 (Ubuntu 18.04), ZFS on Linux allows unprivileged users to manipulate filesystems (`zfs allow`). It should probably be faster and more stable than FUSE overlay.

cyphar commented 6 years ago

Eric has just re-sent the new FUSE patchset.

alban commented 6 years ago

@jessfraz did you do your demo using Ubuntu, to have the patchset that allows mounting FUSE in a non-init userns?

jessfraz commented 6 years ago

The demo was using native; I took away all the mounts today in native as a stopgap till everything else works with mounts :)