From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 24220 invoked from network); 28 Oct 2023 15:11:23 -0000 Received: from tb-ob1.topicbox.com (64.147.108.173) by inbox.vuxu.org with ESMTPUTF8; 28 Oct 2023 15:11:23 -0000 Received: from tb-mx0.topicbox.com (tb-mx0.nyi.icgroup.com [10.90.30.73]) by tb-ob1.topicbox.com (Postfix) with ESMTP id C94DD1FF23 for ; Sat, 28 Oct 2023 11:11:21 -0400 (EDT) (envelope-from bounce.mM7429b33b5dade82a7a13839d.r522be890-2105-11eb-b15e-8d699134e1fa@9fans.bounce.topicbox.com) Received: by tb-mx0.topicbox.com (Postfix, from userid 1132) id C85BB9AA6B; Sat, 28 Oct 2023 11:11:21 -0400 (EDT) ARC-Authentication-Results: i=3; topicbox.com; arc=pass (as.1.zohomail.eu=pass, ams.1.zohomail.eu=pass) smtp.remote-ip=136.143.169.9; dkim=pass (2048-bit rsa key sha256) header.d=rdklein.fr header.i=edou@rdklein.fr header.b=S5ywwrxW header.a=rsa-sha256 header.s=zoho x-bits=2048; dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=rdklein.fr; spf=pass smtp.mailfrom=edou@rdklein.fr smtp.helo=sender-op-o9.zoho.eu; x-internal-arc=fail (as.2.topicbox.com=pass, ams.2.topicbox.com=fail (message has been altered), as.1.zohomail.eu=pass, ams.1.zohomail.eu=fail (message has been altered)) (Message modified while forwarding at Topicbox) ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=references:from:to:cc:subject:date:in-reply-to :message-id:mime-version:content-type:list-help:list-id :list-post:list-subscribe:reply-to:content-transfer-encoding :list-unsubscribe; s=sysmsg-1; t=1698505881; bh=iCiLDAYY60L18mTw OoVw71A8u8Ukp72EAv1yUHgrEq0=; b=iUFka/Vf+uiRh9K0z4/K0/UuF3B7PUzI 0sHPNFT0XFCbqw9X0mW5JklfTA1gFO94EarnJHMUW+pX0NRZ1DCDv4nj5rYN0KE1 KmwEMvHoYxcLfiVDCd6uZva4ahSfK07kK8H6iLaxZf5Nzo5tvmuiUq57BR04oOOP O3LFanmXGD4= ARC-Seal: i=3; a=rsa-sha256; cv=pass; d=topicbox.com; s=sysmsg-1; t= 1698505881; b=qufH6rKcHHnfJDuxUyZu6VggApSvDLpwcIXDYa1ngM7aOI2YhE k/j5SmYRN79lsmMUVqFq1YjPeiQUmk7oGbkn8D87Q9t6SDrDWsb4yCAPAO4tFM+k IZruokO+I90A/X8wrv6q0NS9v5UK+APe0dPF+o3xN6MiLcvAKLlxhZKGI= Authentication-Results: topicbox.com; arc=pass (as.1.zohomail.eu=pass, ams.1.zohomail.eu=pass) smtp.remote-ip=136.143.169.9; dkim=pass (2048-bit rsa key sha256) header.d=rdklein.fr header.i=edou@rdklein.fr header.b=S5ywwrxW header.a=rsa-sha256 header.s=zoho x-bits=2048; dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=rdklein.fr; spf=pass smtp.mailfrom=edou@rdklein.fr smtp.helo=sender-op-o9.zoho.eu; x-internal-arc=fail (as.2.topicbox.com=pass, ams.2.topicbox.com=fail (message has been altered), as.1.zohomail.eu=pass, ams.1.zohomail.eu=fail (message has been altered)) (Message modified while forwarding at Topicbox) X-Received-Authentication-Results: tb-mx0.topicbox.com; arc=pass (as.1.zohomail.eu=pass, ams.1.zohomail.eu=pass) smtp.remote-ip=136.143.169.9; bimi=skipped (DMARC did not pass); dkim=pass (2048-bit rsa key sha256) header.d=rdklein.fr header.i=edou@rdklein.fr header.b=S5ywwrxW header.a=rsa-sha256 header.s=zoho x-bits=2048; dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=rdklein.fr; iprev=pass smtp.remote-ip=136.143.169.9 (sender-op-o9.zoho.eu); spf=pass smtp.mailfrom=edou@rdklein.fr smtp.helo=sender-op-o9.zoho.eu; x-aligned-from=pass (Address match); x-me-sender=none; x-ptr=pass smtp.helo=sender-op-o9.zoho.eu policy.ptr=sender-op-o9.zoho.eu; x-return-mx=pass header.domain=rdklein.fr policy.is_org=yes (MX Records found: mx2.zoho.eu,mx.zoho.eu,mx3.zoho.eu); x-return-mx=pass smtp.domain=rdklein.fr policy.is_org=yes (MX Records found: mx2.zoho.eu,mx.zoho.eu,mx3.zoho.eu); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9fans.net; h=references :from:to:cc:subject:date:in-reply-to:message-id:mime-version :content-type:list-help:list-id:list-post:list-subscribe :reply-to:content-transfer-encoding:list-unsubscribe; s=dkim-1; t=1698505881; x=1698592281; bh=ZDXOnr+NLlAbd00h9WOmYMZLSoXEJjSn 2ipyd5Pa1z4=; b=ouixezLEB/M++K2AQf2+mNhq+aX1Bp9II4w8FvZZ6/M5BBnj 7FLoSl6tJBbSpoqfrGKv/VqPFdf6EzLH4QfZEzer8TQvJgI9ZCw1kRD7waZovTNB fWQLjRpFclCKs9Y6ILbgPa8TP/TdpzPdvnEDSwFvs6KV0TCx3pxKRMDuaos= Received: from tb-mx0.topicbox.com (localhost.local [127.0.0.1]) by tb-mx0.topicbox.com (Postfix) with ESMTP id 3A9DD9A5A9 for <9fans@9fans.net>; Sat, 28 Oct 2023 11:11:00 -0400 (EDT) (envelope-from edou@rdklein.fr) Received: from tb-mx0.topicbox.com (localhost [127.0.0.1]) by tb-mx0.topicbox.com (Authentication Milter) with ESMTP id F8567920EAC; Sat, 28 Oct 2023 11:11:00 -0400 ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=topicbox.com; s=arcseal; t= 1698505860; b=HkpKM4vtRdKXzQIFI5jdHmpdpIRF5rIzKi8pV2m/xGywMW2AM1 XkKS8YX7cPxOdmXqfckG7a4QOe8LGjP7xaiaqyqPJyEOLNjPwB5g5kA6fYJdehkM YbRvSMMxDY/aSD+BiE7fye1rWO2OPbD5/iq0r+bxI28FNsddii+zERIFpwxxPPpD uiuhoNL6KNvFqmVFKVHe1Vhwmj7Y95rDUTRXqqPR1GHGXARm3cZS30rf8Fk7dFGi OkL5RhtjbCDXMSwfNBc7HiinfB0bROHQ0MUlR4ZCqS7//mH0av1yQySTvwR4TSnV NUSLyryq2DHoBUfGeyFQ6bY1TnSyZI4FVjtA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d= topicbox.com; h=references:from:to:cc:subject:date:in-reply-to :message-id:mime-version:content-type; s=arcseal; t=1698505860; bh=PGB4uEHkwxE65oGyodBJYmTKKdh9BLunOk8tq1JC7Vw=; b=KeSPY5+hAcYR sDzsTTLSYj/39WN7dipX8p4u/HfGPhTCXIt6qMFpVWjrlAmamn4hW2ZHf55IER/l hch8z45Lv7msLvlrZwxJqKjX2OJv1w1W1W/gllthKro9nKs1vCh69Aas5xgks/BQ f2bQG3o7anBCOpGTRuih484a24xCYQ10MIAc9Rxa+s20jrPoMWD/uEVQu+UnZYRV D21rCH1+po5whGoqWXqNw2fGqtix+GzpDxYQ4N37knljLDK/RqSyWa/viEl+2RKt /qkQFHVbPfk0NHx/Z/pCElF5eBFQ4Y9EGtTG3L2iom/zDcg3DX1u8HEi6eGChQzW Bo7laa1X3A== ARC-Authentication-Results: i=2; tb-mx0.topicbox.com; arc=pass (as.1.zohomail.eu=pass, ams.1.zohomail.eu=pass) smtp.remote-ip=136.143.169.9; bimi=skipped (DMARC did not pass); dkim=pass (2048-bit rsa key sha256) header.d=rdklein.fr header.i=edou@rdklein.fr header.b=S5ywwrxW header.a=rsa-sha256 header.s=zoho x-bits=2048; dmarc=none policy.published-domain-policy=none policy.applied-disposition=none policy.evaluated-disposition=none (p=none,d=none,d.eval=none) policy.policy-from=p header.from=rdklein.fr; iprev=pass smtp.remote-ip=136.143.169.9 (sender-op-o9.zoho.eu); spf=pass smtp.mailfrom=edou@rdklein.fr smtp.helo=sender-op-o9.zoho.eu; x-aligned-from=pass (Address match); x-me-sender=none; x-ptr=pass smtp.helo=sender-op-o9.zoho.eu policy.ptr=sender-op-o9.zoho.eu; x-return-mx=pass header.domain=rdklein.fr policy.is_org=yes (MX Records found: mx2.zoho.eu,mx.zoho.eu,mx3.zoho.eu); x-return-mx=pass smtp.domain=rdklein.fr policy.is_org=yes (MX Records found: mx2.zoho.eu,mx.zoho.eu,mx3.zoho.eu); x-tls=pass smtp.version=TLSv1.2 smtp.cipher=ECDHE-RSA-AES256-GCM-SHA384 smtp.bits=256/256; x-vs=clean score=0 state=0 X-ME-VSCause: gggruggvucftvghtrhhoucdtuddrgedvkedrleeigdeitdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdpuffr tefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecunecujfgurhepfhgfhffvve fuffgjkfggtgesthdtredttdertdenucfhrhhomhepgfguohhurghrugcumfhlvghinhcu oegvughouhesrhgukhhlvghinhdrfhhrqeenucggtffrrghtthgvrhhnpeefgeehkeeugf euhfevjeetuddtteevhfeuuefhtdeiueekgfektdehueeikefhueenucffohhmrghinhep khgvrhhnvghlrdhorhhgnecukfhppedufeeirddugeefrdduieelrdelpddujeeirdduge ehrdekfedrvdduvdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepihhnvght pedufeeirddugeefrdduieelrdelpdhhvghlohepshgvnhguvghrqdhophdqohelrdiioh hhohdrvghupdhmrghilhhfrhhomhepoegvughouhesrhgukhhlvghinhdrfhhrqe X-ME-VSScore: 0 X-ME-VSCategory: clean Received-SPF: pass (rdklein.fr: Sender is authorized to use 'edou@rdklein.fr' in 'mfrom' identity (mechanism 'include:zoho.eu' matched)) receiver=tb-mx0.topicbox.com; identity=mailfrom; envelope-from="edou@rdklein.fr"; helo=sender-op-o9.zoho.eu; client-ip=136.143.169.9 Received: from sender-op-o9.zoho.eu (sender-op-o9.zoho.eu [136.143.169.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by tb-mx0.topicbox.com (Postfix) with ESMTPS for <9fans@9fans.net>; Sat, 28 Oct 2023 11:10:57 -0400 (EDT) (envelope-from edou@rdklein.fr) ARC-Seal: i=1; a=rsa-sha256; t=1698505855; cv=none; d=zohomail.eu; s=zohoarc; b=QxRamIjgiAJXSl7NbO6mffntfY2upid9DwraIM1mygCYq8mjBYr8fYB+OC9WTMBjOboBPnNtN/nvWcRF+B5LdSxay6LC+ns1ZarIGBHAe9mVRbknY4RGLrweAkzi+YZxoccV4STyKgiD+I+9ADwlxAV/EbGaKrGk1aD9TET4bWE= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.eu; s=zohoarc; t=1698505855; h=Content-Type:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=PGB4uEHkwxE65oGyodBJYmTKKdh9BLunOk8tq1JC7Vw=; b=SrbaAucq27yN0BInBG+CD9SfgpQ90yOozaxQtkfknSvk9j7/bxxO+QS+PBhr9jrAlKS+AXloAitbK/DWcfg4o7Rzfiz4HPxt1r4jYAcETXKwNfxXDAeB84pqNjeuuqk2LrEjOGS1+ItyfVqxmg8wzmAGihXO3HVwnDy9Cp/OON4= ARC-Authentication-Results: i=1; mx.zohomail.eu; dkim=pass header.i=rdklein.fr; spf=pass smtp.mailfrom=edou@rdklein.fr; dmarc=pass header.from= Received: from venerable (dl977-h01-176-145-83-212.dsl.sta.abo.bbox.fr [176.145.83.212]) by mx.zoho.eu with SMTPS id 1698505852580354.1248348466469; Sat, 28 Oct 2023 17:10:52 +0200 (CEST) References: <87jzr8rqwh.fsf@rdklein.fr> <16984244950.678D8a2.80641@composer.9fans.topicbox.com> User-agent: mu4e 1.8.9; emacs 28.2 From: Edouard Klein To: 9fans <9fans@9fans.net> Cc: moody@posixcafe.org Subject: Re: [9fans] Re: Mounting a 9P filesystem under a Linux "user namespace" Date: Sat, 28 Oct 2023 17:05:10 +0200 In-reply-to: <16984244950.678D8a2.80641@composer.9fans.topicbox.com> Message-ID: <87v8aqbx57.fsf@rdklein.fr> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 X-ZohoMailClient: External Topicbox-Policy-Reasoning: allow: sender is a member Topicbox-Message-UUID: 38d43afe-75a4-11ee-876e-c4e9fe8b7b06 Archived-At: =?UTF-8?B?PGh0dHBzOi8vOWZhbnMudG9waWNib3guY29tL2dyb3Vwcy85?= =?UTF-8?B?ZmFucy9UYjVkMDM5ZjY3NWM1NDA0Ni1NNzQyOWIzM2I1ZGFkZTgyYTdhMTM4?= =?UTF-8?B?MzlkPg==?= List-Help: List-Id: "9fans" <9fans.9fans.net> List-Post: List-Software: Topicbox v0 List-Subscribe: Precedence: list Reply-To: 9fans <9fans@9fans.net> Content-Transfer-Encoding: quoted-printable List-Unsubscribe: , Topicbox-Delivery-ID: 2:9fans:437d30aa-c441-11e9-8a57-d036212d11b0:522be890-2105-11eb-b15e-8d699134e1fa:M7429b33b5dade82a7a13839d:1:Sj9cjDTE6u3X4zne5JhhD-GUjWAMS6jbYjfyPixHoHU Thanks Moody for the nudge in a direction I hadn't explored. It seems that Linux does not see 9p as been safe to mount without privilege. From what I understand, only FS with the FS_USERNS_MOUNT flag can be mounted in a user namespace. It seems that v9fs is not one of them: For example, tmpfs is a safe FS, and I can do: unshare --user --map-root-user --mount mount -t tmpfs tmpfs mnt/mnt1/ and it works. However, if I do: unshare --user --map-root-user --mount mount -t 9p -o trans=3Dunix /run/9p/srv4 mnt/mnt1 I get mount: /home/edouard/mnt/mnt1: permission denied. I've sent an email to the linux kernel mailing list to see if somebody there has any up to date information. Somebody tried the same thing in 2018: https://lore.kernel.org/all/39b08c53-3449-3164-c1b1-44ac587dd4ea@metux.net/= T/ Seemingly without succeeding. The end of the above thread is a bit worrying: > plan9fs would > also be a candidate for that kind of treatment if it had a maintainer. I did not know v9fs was unmaintained, I find that a bit surprising. It does work very reliably. I'll keep this list updated as I make progress. Cheers, Edouard moody@posixcafe.org writes: > Edouard, > > I am no Linux expert, but I think if you create a mount namespace as part= of the user namespace you will be allowed to execute mounts without root. = In terms of clients, I am not aware > of any other then the one within the linux kernel. > > Regards, > Moody > 9fans / 9fans / see discussions + participants + delivery options Permali= nk ------------------------------------------ 9fans: 9fans Permalink: https://9fans.topicbox.com/groups/9fans/Tb5d039f675c54046-M7429b= 33b5dade82a7a13839d Delivery options: https://9fans.topicbox.com/groups/9fans/subscription