per process filesystem namespace
Posted Oct 23, 2002 6:05 UTC (Wed) by scottt (guest, #5028)
Parent article: Creating Linux virtual filesystems
On a somewhat related topic, I was under the impression that in 2.5 the VFS supports per process namespaces so a user without root privileges can mount filesystems at will. Can someone confirm this?
Posted Oct 23, 2002 12:34 UTC (Wed) by corbet (editor, #1)
2.5 has per-process namespaces, allowing the administrator to set up completely different views of the filesystem for different tasks. This capability remains restricted to root, though. If any user could set up any namespace they wanted, there would be a thousand ways to confuse setuid programs and take over the system.
Posted Oct 24, 2002 2:11 UTC (Thu) by brugolsky (guest, #28)
Al Viro also snuck it into 2.4.19. :-) It ought to be possible to allow non-root mounts on mount points where the user has write permission. As Jon noted, letting the user mount over, e.g., /etc/passwd, is incompatible with setuid executables.
I'm beginning to think about this because I want to start using Ron Minnich's implementation of 9P (v9fs.sourceforge.net) for various development and admin tasks. Great article Jon -- once Al Viro adds union-mount, may a thousand mini filesystems bloom. :-P
Posted Oct 24, 2002 20:20 UTC (Thu) by brouhaha (subscriber, #1698)
There's a simple solution to that: if a setuid program gets loaded when there is a per-process namespace active, the kernel can ignore the setuid bit and run it with no privileges.
AFAICT, that would allow non-privileged users to play with their namespace all they want, without compromising system integrity.