From: Edouard Klein <edou@rdklein.fr>
To: 9fans <9fans@9fans.net>
Cc: moody@posixcafe.org
Subject: Re: [9fans] Re: Mounting a 9P filesystem under a Linux "user namespace"
Date: Fri, 23 Feb 2024 22:08:14 +0100 [thread overview]
Message-ID: <87plwm3n07.fsf@rdklein.fr> (raw)
In-Reply-To: <87msw2bsfk.fsf@rdklein.fr>
Again for the record, if anybody is looking for a 9P2000.L FUSE
implementation, I had to write one, I used github.com/hugelgupf/p9 as a
base:
git clone git@the-dam.org:f29p
With that, one can mount a 9P2000.L server from inside a linux 'mount
namespace'.
I'll talk about that if my paper passes the IWP9 review.
Cheers,
Edouard.
Edouard Klein <edou@rdklein.fr> writes:
> For the record here is the lkml post
> https://lkml.org/lkml/2023/10/28/155
> Edouard Klein <edou@rdklein.fr> writes:
>
>> Thanks Moody for the nudge in a direction I hadn't explored.
>>
>> It seems that Linux does not see 9p as been safe to mount without
>> privilege. From what I understand, only FS with the FS_USERNS_MOUNT flag
>> can be mounted in a user namespace. It seems that v9fs is not one of
>> them:
>>
>> For example, tmpfs is a safe FS, and I can do:
>> unshare --user --map-root-user --mount
>> mount -t tmpfs tmpfs mnt/mnt1/
>>
>> and it works.
>>
>> However, if I do:
>> unshare --user --map-root-user --mount
>> mount -t 9p -o trans=unix /run/9p/srv4 mnt/mnt1
>>
>> I get mount: /home/edouard/mnt/mnt1: permission denied.
>>
>>
>> I've sent an email to the linux kernel mailing list to see if somebody
>> there has any up to date information.
>>
>> Somebody tried the same thing in 2018:
>> https://lore.kernel.org/all/39b08c53-3449-3164-c1b1-44ac587dd4ea@metux.net/T/
>> Seemingly without succeeding.
>>
>> The end of the above thread is a bit worrying:
>>> plan9fs would
>>> also be a candidate for that kind of treatment if it had a maintainer.
>>
>> I did not know v9fs was unmaintained, I find that a bit surprising. It
>> does work very reliably.
>>
>> I'll keep this list updated as I make progress.
>>
>> Cheers,
>>
>> Edouard
>>
>> moody@posixcafe.org writes:
>>
>>> Edouard,
>>>
>>> I am no Linux expert, but I think if you create a mount namespace as part of
>>> the user namespace you will be allowed to execute mounts without root. In
>>> terms of clients, I am not aware
>>> of any other then the one within the linux kernel.
>>>
>>> Regards,
>>> Moody
>>> 9fans / 9fans / see discussions + participants + delivery options Permalink
------------------------------------------
9fans: 9fans
Permalink: https://9fans.topicbox.com/groups/9fans/Tb5d039f675c54046-M9d4a22b7f8e14bfa2bb23e3c
Delivery options: https://9fans.topicbox.com/groups/9fans/subscription
next prev parent reply other threads:[~2024-02-23 21:10 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-10-27 16:00 [9fans] " Edouard Klein
2023-10-27 16:34 ` [9fans] " moody
2023-10-28 15:05 ` Edouard Klein
2023-10-28 16:52 ` Edouard Klein
2024-02-23 21:08 ` Edouard Klein [this message]
2023-10-30 4:39 ` cigar562hfsp952fans
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87plwm3n07.fsf@rdklein.fr \
--to=edou@rdklein.fr \
--cc=9fans@9fans.net \
--cc=moody@posixcafe.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).