9fans - fans of the OS Plan 9 from Bell Labs
* [9fans] Mounting a 9P filesystem under a Linux "user namespace"
@ 2023-10-27 16:00 Edouard Klein
  2023-10-27 16:34 ` [9fans] " moody
  2023-10-30  4:39 ` cigar562hfsp952fans
  0 siblings, 2 replies; 6+ messages in thread
From: Edouard Klein @ 2023-10-27 16:00 UTC (permalink / raw)
  To: 9fans

Dear 9fans,

I'm trying to mount a 9p filesystem under a Linux user "namespace".

Apparently this is verboten, because mounting filesystems is dangerous.
So only fuse is permitted inside a user namespace.

I've tried
- using a setuid binary: does not work inside the user namespace,
- 9pfuse and 9pfs: don't speak 9P2000.L, the only linux 9P2000 server I
  know of is inferno's export,
- lklfuse: does not seem to be able to mount 9p, despite the code being
there.

I'm about to write my own 9P2000.L fuse wrapper, but before I dive into
that, I thought I'd ask here: has anybody ever mounted a 9P filesystem
from inside a Linux user namespace, or even better, a full blown
container?

Thanks in advance,

Cheers,

Edouard.

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tb5d039f675c54046-M2423e0177eac4b5455a8ed28
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [9fans] Re: Mounting a 9P filesystem under a Linux "user namespace"
  2023-10-27 16:00 [9fans] Mounting a 9P filesystem under a Linux "user namespace" Edouard Klein
@ 2023-10-27 16:34 ` moody
  2023-10-28 15:05   ` Edouard Klein
  2023-10-30  4:39 ` cigar562hfsp952fans
  1 sibling, 1 reply; 6+ messages in thread
From: moody @ 2023-10-27 16:34 UTC (permalink / raw)
  To: 9fans


Edouard,

I am no Linux expert, but I think if you create a mount namespace as part of the user namespace you will be allowed to execute mounts without root.  In terms of clients, I am not aware of any other than the one within the linux kernel.


Regards,
Moody
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tb5d039f675c54046-M65fcd7a14c8181081bedcc34
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription



* Re: [9fans] Re: Mounting a 9P filesystem under a Linux "user namespace"
  2023-10-27 16:34 ` [9fans] " moody
@ 2023-10-28 15:05   ` Edouard Klein
  2023-10-28 16:52     ` Edouard Klein
  0 siblings, 1 reply; 6+ messages in thread
From: Edouard Klein @ 2023-10-28 15:05 UTC (permalink / raw)
  To: 9fans; +Cc: moody

Thanks Moody for the nudge in a direction I hadn't explored.

It seems that Linux does not see 9p as being safe to mount without
privilege. From what I understand, only FS with the FS_USERNS_MOUNT flag
can be mounted in a user namespace. It seems that v9fs is not one of
them:

For example, tmpfs is a safe FS, and I can do:
unshare --user --map-root-user --mount
mount -t tmpfs tmpfs mnt/mnt1/

and it works.

However, if I do:
unshare --user --map-root-user --mount
mount -t 9p -o trans=unix /run/9p/srv4 mnt/mnt1

I get mount: /home/edouard/mnt/mnt1: permission denied.


I've sent an email to the linux kernel mailing list to see if somebody
there has any up to date information.

Somebody tried the same thing in 2018:
https://lore.kernel.org/all/39b08c53-3449-3164-c1b1-44ac587dd4ea@metux.net/T/
Seemingly without succeeding.

The end of the above thread is a bit worrying:
>  plan9fs would
> also be a candidate for that kind of treatment if it had a maintainer.

I did not know v9fs was unmaintained, I find that a bit surprising. It
does work very reliably.

I'll keep this list updated as I make progress.

Cheers,

Edouard

moody@posixcafe.org writes:

> Edouard,
>
> I am no Linux expert, but I think if you create a mount namespace as part of the user namespace you will be allowed to execute mounts without root.  In terms of clients, I am not aware
> of any other than the one within the linux kernel.
>
> Regards,
> Moody
> 9fans / 9fans / see discussions + participants + delivery options Permalink

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tb5d039f675c54046-M7429b33b5dade82a7a13839d
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

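The tmpfs-versus-9p difference described in the message above is the kernel's mount_capable() gate: a filesystem type without FS_USERNS_MOUNT needs CAP_SYS_ADMIN in the initial user namespace, which a process inside an unprivileged user namespace never has. The script below is an added example written for this thread (it is not code from any of the posts). It forks a child for each type in /proc/filesystems, has the child enter a fresh user+mount namespace, map itself to uid 0 there, attempt the mount, and report the errno back. It assumes a Linux host with unprivileged user namespaces enabled; the names parse_proc_filesystems, classify and probe are this example's own.

```python
"""Probe which filesystem types this kernel lets an unprivileged user mount
from inside a fresh user+mount namespace (the FS_USERNS_MOUNT gate).
Added example for this thread, not code from the posts; assumes Linux with
unprivileged user namespaces enabled."""
import ctypes
import errno
import json
import os
import tempfile

CLONE_NEWNS = 0x00020000     # values from <sched.h>
CLONE_NEWUSER = 0x10000000
libc = ctypes.CDLL(None, use_errno=True)
libc.unshare.argtypes = [ctypes.c_int]
libc.mount.argtypes = [ctypes.c_char_p, ctypes.c_char_p, ctypes.c_char_p,
                       ctypes.c_ulong, ctypes.c_void_p]


def parse_proc_filesystems(text: str) -> list:
    """Filesystem names from /proc/filesystems content ('nodev\\t9p', '\\text4')."""
    return [line.split()[-1] for line in text.splitlines() if line.split()]


def classify(err: int) -> str:
    """Verdict for the errno mount(2) returned inside the child namespace.
    EPERM is what the thread hit for 9p: the kernel wanted CAP_SYS_ADMIN in a
    user namespace we do not own, either because the type lacks
    FS_USERNS_MOUNT (9p, ext4, ...) or because, as for proc and sysfs, the
    pid/net namespace it would expose belongs to the parent.  ENODEV is
    raised before that check (type unknown to the kernel); any other errno
    comes after it, from the type's own setup (e.g. EINVAL for fuse without
    an fd= option), so the namespace gate itself was passed."""
    verdicts = {0: "allowed", errno.EPERM: "denied", errno.ENODEV: "no-such-fs"}
    return verdicts.get(err, "error:" + errno.errorcode.get(err, str(err)))


def _child(fstype: str, target: str, uid: int, gid: int, wfd: int) -> None:
    """Runs in the forked child: new user+mount namespaces, map ourselves to
    uid 0 inside them, try the mount, send the errno back over the pipe."""
    stage, err = "unshare", 0
    try:
        if libc.unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0:
            raise OSError(ctypes.get_errno(), "unshare")
        stage = "idmap"
        # A process may write its own id maps once; setgroups must be denied first.
        for path, content in (("/proc/self/setgroups", "deny"),
                              ("/proc/self/uid_map", f"0 {uid} 1"),
                              ("/proc/self/gid_map", f"0 {gid} 1")):
            with open(path, "w") as f:
                f.write(content)
        stage = "mount"
        if libc.mount(fstype.encode(), target.encode(), fstype.encode(), 0, None) != 0:
            err = ctypes.get_errno()
    except OSError as e:
        err = e.errno or errno.EIO
    os.write(wfd, json.dumps({"stage": stage, "errno": err}).encode())
    os._exit(0)   # the namespaces, and any mount made in them, die with the child


def probe(fstype: str) -> dict:
    """Fork, attempt the mount in a child namespace, return the child's report."""
    target = tempfile.mkdtemp(prefix="userns-probe-")
    rfd, wfd = os.pipe()
    pid = os.fork()
    if pid == 0:
        os.close(rfd)
        _child(fstype, target, os.getuid(), os.getgid(), wfd)
    os.close(wfd)
    raw = os.read(rfd, 4096)
    os.close(rfd)
    os.waitpid(pid, 0)
    os.rmdir(target)
    report = json.loads(raw) if raw else {"stage": "child", "errno": errno.ECHILD}
    report["fstype"] = fstype
    if report["stage"] == "mount":
        report["verdict"] = classify(report["errno"])
    else:
        report["verdict"] = report["stage"] + "-failed:" + errno.errorcode.get(report["errno"], "?")
    return report


if __name__ == "__main__":
    with open("/proc/filesystems") as f:
        for name in parse_proc_filesystems(f.read()):
            print(f"{name:12s} {probe(name)['verdict']}")
```

On a host like the one in the thread, tmpfs reports "allowed" and 9p reports "denied"; the interesting lines from a hardening point of view are the "allowed" ones, since each is a filesystem implementation an unprivileged user can drive from its own namespace. If every type reports "unshare-failed:EPERM", unprivileged user namespaces are disabled on that host (or the probe is itself running under seccomp), and the output says nothing about the per-type flag.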

* Re: [9fans] Re: Mounting a 9P filesystem under a Linux "user namespace"
  2023-10-28 15:05   ` Edouard Klein
@ 2023-10-28 16:52     ` Edouard Klein
  2024-02-23 21:08       ` Edouard Klein
  0 siblings, 1 reply; 6+ messages in thread
From: Edouard Klein @ 2023-10-28 16:52 UTC (permalink / raw)
  To: 9fans; +Cc: moody

For the record here is the lkml post
https://lkml.org/lkml/2023/10/28/155
Edouard Klein <edou@rdklein.fr> writes:

> Thanks Moody for the nudge in a direction I hadn't explored.
>
> It seems that Linux does not see 9p as being safe to mount without
> privilege. From what I understand, only FS with the FS_USERNS_MOUNT flag
> can be mounted in a user namespace. It seems that v9fs is not one of
> them:
>
> For example, tmpfs is a safe FS, and I can do:
> unshare --user --map-root-user --mount
> mount -t tmpfs tmpfs mnt/mnt1/
>
> and it works.
>
> However, if I do:
> unshare --user --map-root-user --mount
> mount -t 9p -o trans=unix /run/9p/srv4 mnt/mnt1
>
> I get mount: /home/edouard/mnt/mnt1: permission denied.
>
>
> I've sent an email to the linux kernel mailing list to see if somebody
> there has any up to date information.
>
> Somebody tried the same thing in 2018:
> https://lore.kernel.org/all/39b08c53-3449-3164-c1b1-44ac587dd4ea@metux.net/T/
> Seemingly without succeeding.
>
> The end of the above thread is a bit worrying:
>>  plan9fs would
>> also be a candidate for that kind of treatment if it had a maintainer.
>
> I did not know v9fs was unmaintained, I find that a bit surprising. It
> does work very reliably.
>
> I'll keep this list updated as I make progress.
>
> Cheers,
>
> Edouard
>
> moody@posixcafe.org writes:
>
>> Edouard,
>>
>> I am no Linux expert, but I think if you create a mount namespace as part of
>> the user namespace you will be allowed to execute mounts without root. In
>> terms of clients, I am not aware
>> of any other than the one within the linux kernel.
>>
>> Regards,
>> Moody
>> 9fans / 9fans / see discussions + participants + delivery options Permalink

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tb5d039f675c54046-Mf8b4d705299aeeb3bc919867
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription


* [9fans] Re: Mounting a 9P filesystem under a Linux "user namespace"
  2023-10-27 16:00 [9fans] Mounting a 9P filesystem under a Linux "user namespace" Edouard Klein
  2023-10-27 16:34 ` [9fans] " moody
@ 2023-10-30  4:39 ` cigar562hfsp952fans
  1 sibling, 0 replies; 6+ messages in thread
From: cigar562hfsp952fans @ 2023-10-30  4:39 UTC (permalink / raw)
  To: 9fans

Edouard Klein <edou@rdklein.fr> writes:

> I'm about to write my own 9P2000.L fuse wrapper, but before I dive into
> that, I thought I'd ask here: has anybody ever mounted a 9P filesystem
> from inside a Linux user namespace, or even better, a full blown
> container ?

Well, all my containers are in the recycling bin by my back door.  But I
do regularly mount and use 9P filesystems on Linux, using either the
"9p" filesystem in the Linux kernel or the 9pfuse FUSE client, depending
on the circumstances.

I modified 9pfuse to support Unix file types (block/character devices,
symlinks, etc.)  Those modifications allow storage/retrieval of vac
archives containing Unix filesystems.  IIRC, I submitted those changes
as a patch to plan9port about 10 years ago.

There are problems with 9pfuse, however.  9pfuse is slow and leaks
memory.  And, due to restrictions in the FUSE protocol, file ownership
is limited to a single user (the user mounting the export).  GNU find
(even when invoked with -noleaf) also has problems traversing
directories served by 9pfuse.  I haven't bothered porting my mods to
9pfs, though it may well be worth the effort.

I've been toying with the idea of writing a 9P2000 translation server to
translate between my extensions and 9p2000.u.  That way, a single 9P2000
filesystem could be mounted (presumably by root) and used by multiple
users.  The problem with the Linux kernel's 9p filesystem is that it
doesn't have any sensible way to map 9P2000 user/group names to Linux
UID/GIDs.  That seems to be the big stumbling block.

Wait, 9P2000.L?  What's that?

Inferno's "export" works OK with both 9pfuse and Linux's 9p fs driver.
But I recall there being other 9P2000 file servers out there.

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tb5d039f675c54046-Md105fe9cdb66627c43229d81
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription


* Re: [9fans] Re: Mounting a 9P filesystem under a Linux "user namespace"
  2023-10-28 16:52     ` Edouard Klein
@ 2024-02-23 21:08       ` Edouard Klein
  0 siblings, 0 replies; 6+ messages in thread
From: Edouard Klein @ 2024-02-23 21:08 UTC (permalink / raw)
  To: 9fans; +Cc: moody

Again for the record, if anybody is looking for a 9P2000.L FUSE
implementation, I had to write one, I used github.com/hugelgupf/p9 as a
base:

git clone git@the-dam.org:f29p

With that, one can mount a 9P2000.L server from inside a linux 'mount
namespace'.

I'll talk about that if my paper passes the IWP9 review.

Cheers,

Edouard.


Edouard Klein <edou@rdklein.fr> writes:

> For the record here is the lkml post
> https://lkml.org/lkml/2023/10/28/155
> Edouard Klein <edou@rdklein.fr> writes:
>
>> Thanks Moody for the nudge in a direction I hadn't explored.
>>
>> It seems that Linux does not see 9p as being safe to mount without
>> privilege. From what I understand, only FS with the FS_USERNS_MOUNT flag
>> can be mounted in a user namespace. It seems that v9fs is not one of
>> them:
>>
>> For example, tmpfs is a safe FS, and I can do:
>> unshare --user --map-root-user --mount
>> mount -t tmpfs tmpfs mnt/mnt1/
>>
>> and it works.
>>
>> However, if I do:
>> unshare --user --map-root-user --mount
>> mount -t 9p -o trans=unix /run/9p/srv4 mnt/mnt1
>>
>> I get mount: /home/edouard/mnt/mnt1: permission denied.
>>
>>
>> I've sent an email to the linux kernel mailing list to see if somebody
>> there has any up to date information.
>>
>> Somebody tried the same thing in 2018:
>> https://lore.kernel.org/all/39b08c53-3449-3164-c1b1-44ac587dd4ea@metux.net/T/
>> Seemingly without succeeding.
>>
>> The end of the above thread is a bit worrying:
>>>  plan9fs would
>>> also be a candidate for that kind of treatment if it had a maintainer.
>>
>> I did not know v9fs was unmaintained, I find that a bit surprising. It
>> does work very reliably.
>>
>> I'll keep this list updated as I make progress.
>>
>> Cheers,
>>
>> Edouard
>>
>> moody@posixcafe.org writes:
>>
>>> Edouard,
>>>
>>> I am no Linux expert, but I think if you create a mount namespace as part of
>>> the user namespace you will be allowed to execute mounts without root. In
>>> terms of clients, I am not aware
>>> of any other than the one within the linux kernel.
>>>
>>> Regards,
>>> Moody
>>> 9fans / 9fans / see discussions + participants + delivery options Permalink

------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tb5d039f675c54046-M9d4a22b7f8e14bfa2bb23e3c
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription

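Whether a client "speaks 9P2000.L", the gap the first message raises for 9pfuse and 9pfs and the reason a separate FUSE wrapper was written, is decided in the very first exchange of a 9P session: the client sends Tversion with its msize and version string, and the server answers Rversion with the version it will actually use, "unknown" if it does not recognise the string, or possibly a plain "9P2000" from a server that only knows the base dialect. The code below is an added example in Python (it is not code from 9pfuse, 9pfs, f29p or hugelgupf/p9): it builds the Tversion, parses an Rversion with every length checked against the buffer, since the server is untrusted input to the client, and classifies the negotiated dialect. The names tversion, parse_rversion, negotiate and fake_rversion are this example's own, and the server replies are constructed inline.

```python
"""9P version negotiation: build Tversion, validate Rversion, decide whether
the server really agreed to 9P2000.L.  Added example for this thread, not code
from any 9P client named in it.  Wire format per 9P2000: size[4] type[1]
tag[2] body, integers little-endian, strings as len[2] + UTF-8 bytes."""
import struct

TVERSION, RVERSION = 100, 101
NOTAG = 0xFFFF                   # version messages carry no tag
HEADER = struct.Struct("<IBH")   # size, type, tag


def put_string(s: str) -> bytes:
    b = s.encode()
    return struct.pack("<H", len(b)) + b


def tversion(msize: int, version: str = "9P2000.L") -> bytes:
    """Client's opening message: proposed maximum message size and dialect."""
    body = struct.pack("<I", msize) + put_string(version)
    return HEADER.pack(HEADER.size + len(body), TVERSION, NOTAG) + body


def parse_rversion(buf: bytes, offered_msize: int) -> tuple:
    """Return (msize, version) from a server reply, or raise ValueError.
    Each length field is checked before it is used, and the server may not
    raise msize above what the client offered."""
    if len(buf) < HEADER.size:
        raise ValueError("short header")
    size, mtype, tag = HEADER.unpack_from(buf)
    if size != len(buf):
        raise ValueError(f"size field {size} does not match {len(buf)} bytes")
    if mtype != RVERSION:
        raise ValueError(f"expected Rversion, got message type {mtype}")
    if tag != NOTAG:
        raise ValueError("Rversion must carry NOTAG")
    if size < HEADER.size + 6:          # msize[4] + string length[2]
        raise ValueError("Rversion body truncated")
    msize, slen = struct.unpack_from("<IH", buf, HEADER.size)
    start = HEADER.size + 6
    if start + slen != size:
        raise ValueError("version string length disagrees with size field")
    version = buf[start:start + slen].decode()
    if msize > offered_msize or msize < HEADER.size:
        raise ValueError(f"server msize {msize} outside the offered range")
    return msize, version


def negotiate(reply: bytes, offered_msize: int, want: str = "9P2000.L") -> str:
    """'ok' when the server agreed to the wanted dialect, 'refused' for the
    spec's 'unknown' answer, otherwise 'fallback:<dialect>' (for example a
    9P2000-only server answering '9P2000'), which a .L client must not use."""
    _msize, version = parse_rversion(reply, offered_msize)
    if version == want:
        return "ok"
    if version == "unknown":
        return "refused"
    return "fallback:" + version


def fake_rversion(msize: int, version: str) -> bytes:
    """Constructed server reply used to exercise the parser offline."""
    body = struct.pack("<I", msize) + put_string(version)
    return HEADER.pack(HEADER.size + len(body), RVERSION, NOTAG) + body


if __name__ == "__main__":
    print(tversion(8192).hex())
    for reply in ("9P2000.L", "9P2000", "unknown"):
        print(reply, "->", negotiate(fake_rversion(8192, reply), 8192))
```

A client that ignores the fallback case and carries on issuing .L-specific requests (Tgetattr, Tlopen and friends) against a server that only agreed to "9P2000" will get errors or, worse, misparse replies, which is why the classification belongs at the start of the session rather than deep in the FUSE callbacks.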
