Seth Forshee authored
Update fuse to translate uids and gids to/from the user namespace of the process servicing requests on /dev/fuse. Any ids which do not map into the namespace will result in errors. inodes will also be marked bad when unmappable ids are received from the userspace fuse process.

Currently no use cases are known for letting the userspace fuse daemon switch namespaces after opening /dev/fuse. Given this fact, and in order to keep the implementation as simple as possible and ease security auditing, the user namespace from which /dev/fuse is opened is used for all id translations. This is required to be the same namespace as s_user_ns to maintain behavior consistent with other filesystems which can be mounted in user namespaces.

For cuse the namespace used for the connection is also simply current_user_ns() at the time /dev/cuse is opened.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
58ecdf5e
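
A user-space model of the id translation the commit message describes, added here as an illustration; it is not the kernel patch or the author's code. The struct and function names, the return values and the sample map are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#define INVALID_ID ((uint32_t)-1)

/* One uid_map line: "<id inside ns> <id outside ns> <count>". */
struct id_extent { uint32_t inside, outside, count; };

/* Constructed sample: the daemon's namespace maps 0..65535 to 100000..165535. */
static const struct id_extent daemon_ns[] = { { 0, 100000, 65536 } };
#define N_EXT (sizeof(daemon_ns) / sizeof(daemon_ns[0]))

/* Namespace id -> kernel-global id; INVALID_ID when no extent covers it. */
static uint32_t ns_to_kernel(uint32_t id) {
    for (size_t i = 0; i < N_EXT; i++)
        if (id >= daemon_ns[i].inside && id - daemon_ns[i].inside < daemon_ns[i].count)
            return daemon_ns[i].outside + (id - daemon_ns[i].inside);
    return INVALID_ID;
}

/* Kernel-global id -> namespace id; INVALID_ID when unmapped. */
static uint32_t kernel_to_ns(uint32_t kid) {
    for (size_t i = 0; i < N_EXT; i++)
        if (kid >= daemon_ns[i].outside && kid - daemon_ns[i].outside < daemon_ns[i].count)
            return daemon_ns[i].inside + (kid - daemon_ns[i].outside);
    return INVALID_ID;
}

/* Request path: the caller's uid is rewritten into the daemon's namespace,
 * and the request fails if the uid has no mapping there. */
static int fill_request_uid(uint32_t caller_kuid, uint32_t *wire_uid) {
    *wire_uid = kernel_to_ns(caller_kuid);
    return *wire_uid == INVALID_ID ? -1 : 0;
}

struct model_inode { uint32_t kuid; int bad; };

/* Reply path: an owner uid sent by the daemon is mapped back; an unmappable
 * uid marks the inode bad instead of storing an arbitrary owner. */
static int apply_reply_uid(struct model_inode *ino, uint32_t wire_uid) {
    uint32_t k = ns_to_kernel(wire_uid);
    if (k == INVALID_ID) { ino->bad = 1; return -1; }
    ino->kuid = k;
    return 0;
}

int main(void) {
    uint32_t w;
    struct model_inode ino = { 0, 0 };
    printf("request from kuid 0: rc %d\n", fill_request_uid(0, &w));
    printf("reply with uid 70000: rc %d\n", apply_reply_uid(&ino, 70000));
    return 0;
}
```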