[lxc-devel] [RFC PATCH 00/11] Add support for devtmpfs in user namespaces

Seth Forshee seth.forshee at canonical.com
Wed May 28 09:26:55 UTC 2014 

On Fri, May 23, 2014 at 03:23:50PM -0700, Eric W. Biederman wrote:
> Serge Hallyn <serge.hallyn at ubuntu.com> writes:
> 
> > Quoting Eric W. Biederman (ebiederm at xmission.com):
> >> 
> >> 
> >> >> Ultimately the technical challenge is how do we create a block device
> >> >> that is safe for a user who does not have any capabilities to use, and
> >> >> what can we do with that block device to make it useful.
> >> >
> >> > Yes, and I'd like to get started solving those challenges. But I also
> >> > don't think we can address these two points (support partition blkdevs,
> >> > help prevent more priveleged users from using a namespace's loop
> >> > devices) sufficiently while having an implementation completely
> >> > contained within the loop driver as Greg is requesting.
> >> 
> >> My key take away from the conversation is that we should reduce the
> >> scope of what is being done to something that makes sense and the
> >> propblems are immediately visible.
> >> 
> >> Part of me would like to suggest that fuse and it's ability to imitate
> >> device nodes might be a more appropriate solution, to something that
> >
> > Do you have a link to more info on this?  Some googling got me to an
> > interesting but old thread on CUSE, but nothing specifically about fuse
> > doing this.
> 
> CUSE is probably what I was thinking of.  It is all part of the fuse
> code base in the kernel.  And now that I am reminded it is called CUSE
> I go Duh that is a character device...
> 
> Fuse and everything it can do is definitely the filesystem I would like
> to see most have the audits to be enabled in user namespace.  Fuse
> was built to be sufficiently paranoid to allow this and so it should not
> take a lot to take fuse the rest of the way.

I was aware of FUSE but hadn't ever looked at it much. Looking at it
now, this isn't going to satisfy any of the use cases I know about,
which are wanting to use filesystems supported in-kernel (isofs, ext*).
I don't see that any of these have a FUSE implementation, and I think we
gain more from figuring out how to use in-kernel filesystems in
containers than trying to find a way to shoehorn selected filesystems
into FUSE.

More information about the lxc-devel mailing list