Re: [PATCH] private mounts

From: Bryan Henderson
Date: Tue Apr 26 2005 - 13:57:38 EST

>On Tue, Apr 26, 2005 at 03:00:10AM -0700, Andrew Morton wrote:
>> Not as thick as mine! Could someone please explain in small words
>> wrong with an suid mount helper?
>Nothing per se. What makes it bad is the context of a userland
>where the actual filesystem operations in the mounted filesystem happen
>in context of a non-privileged user.

How did the fact that the file access system calls involve user-controlled
code come into this? I thought the FUSE kernel code already shielded the
system from said code to everyone's satisfaction.

We've been talking, rather, about the namespace changes. The exact same
issue exists with a non-userspace filesystem where the user controls the
filesystem contents. For example, a filesystem on a user-supplied CD. A
system administrator -- personally or through his setuid proxy -- might
want to mount this CD for the benefit of some users/processes/whatever but
not add it to the global namespace.

The issue of private mounts (mount = namespace change) would be good to
resolve separately from any problem with bringing user space code into the

BTW, since Miklos said "mount helper" and others have said "mount
wrapper," I think some of us may not be familiar with mount helpers. It's
irrelevant to this discussion, but: util-linux 'mount' has a little-known
feature wherein it can run a filesystem-type-specific program in a child
process to do some of the mount function. A "mount wrapper" would be the
opposite -- a filesystem-type-specific program that runs the generic
'mount' program in a child process.

Bryan Henderson                     IBM Almaden Research Center
San Jose CA                         Filesystems
