    fuse: Add support for pid namespaces · 3042f139
    Seth Forshee authored
    If the userspace process servicing fuse requests is running in
    a pid namespace then pids passed via the fuse fd need to be
    translated relative to that namespace. Capture the pid namespace
    in use when the filesystem is mounted and use this for pid
    translation.
    
    Since no use case currently exists for changing namespaces all
    translations are done relative to the pid namespace in use when
    /dev/fuse is opened. Mounting or /dev/fuse IO from another
    namespace will return errors.
    
    Requests from processes whose pid cannot be translated into the
    target namespace are not permitted, except for requests
    allocated via fuse_get_req_nofail_nopages. For no-fail requests
    in.h.pid will be 0 if the pid translation fails.
    
    File locking changes based on previous work done by Eric
    Biederman.
    Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
    Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
file.c 73.6 KB
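
An added illustration, not code from this commit or from the kernel: a user-space C model of the rule the commit message describes, in which the caller's pid is resolved in the pid namespace captured for the connection, and a pid that does not translate gets the request refused unless it is a no-fail request, which then carries pid 0. The namespace hierarchy, the pid numbers and the names `model_pid_nr_ns` and `model_fill_pid` are constructed for the example, and the `-1` return stands in for whatever error the kernel reports.

```c
#include <stdio.h>

/* Simplified model: a pid namespace is a level plus a parent pointer. */
struct pidns { int level; const struct pidns *parent; };
/* A task holds one pid number per level, root (index 0) down to its own ns. */
struct task { const struct pidns *ns; int nr[3]; };

/* Models pid_nr_ns(): pid of t as seen from target, 0 if t is not visible there. */
static int model_pid_nr_ns(const struct task *t, const struct pidns *target)
{
    const struct pidns *ns = t->ns;
    while (ns && ns->level > target->level)
        ns = ns->parent;              /* climb to the target's level */
    return ns == target ? t->nr[target->level] : 0;
}

/* Models filling in.h.pid: 0 = request allowed, -1 = refused (hypothetical code). */
static int model_fill_pid(const struct task *t, const struct pidns *conn_ns,
                          int nofail, int *hdr_pid)
{
    *hdr_pid = model_pid_nr_ns(t, conn_ns);
    return (*hdr_pid == 0 && !nofail) ? -1 : 0;
}

/* Constructed sample hierarchy: host -> c1 -> nested, and host -> c2. */
static const struct pidns host = {0, NULL}, c1 = {1, &host},
                          c2 = {1, &host}, nested = {2, &c1};
static const struct task in_c1     = {&c1,     {4321, 17, 0}};
static const struct task in_host   = {&host,   {500, 0, 0}};
static const struct task in_c2     = {&c2,     {4400, 17, 0}};
static const struct task in_nested = {&nested, {4500, 30, 1}};

int main(void)
{
    /* The FUSE daemon is assumed to have opened /dev/fuse inside c1. */
    const struct task *callers[] = {&in_c1, &in_nested, &in_host, &in_c2};
    const char *names[] = {"c1", "nested", "host", "c2"};
    for (int i = 0; i < 4; i++) {
        int pid, rc = model_fill_pid(callers[i], &c1, 0, &pid);
        printf("caller in %-6s -> %s (pid %d)\n", names[i],
               rc ? "refused" : "allowed", pid);
    }
    return 0;
}
```

The callers in `host` and in the sibling `c2` are refused because neither has a pid in `c1`, even though the `c2` task's own pid number (17) collides with a valid pid inside `c1`.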