[overlay]: enable no privileges

[jessfraz]

requires this Ubuntu kernel patch http://kernel.ubuntu.com/git/ubuntu/ubuntu-artful.git/commit/fs/overlayfs?h=Ubuntu-4.13.0-25.29&id=0a414bdc3d01f3b61ed86cfe3ce8b63a9240eba7

[cyphar]

Eric Biederman has been working recently on getting unprivileged FUSE working. The hope is that this could lead to unprivileged overlay (and other filesystems) as well in upstream kernels. We'll see how that goes though (some Ubuntu folks tried this a while ago and it didn't get merged last time).

[AkihiroSuda]

Do you know why Ubuntu patch was rejected?
Can we resubmit with /proc/sys/unprivileged_userns_overlayfs knob?

[cyphar]

Do you know why Ubuntu patch was rejected?

The maintainer called the patch "very brave". Effectively the concern is that the permissions checks for the copyup logic or other similar features of overlayfs could cause severe security problems. Luckily the concern isn't as major as other filesystems (the only user-provided data is the option string as opposed to an entire block device).

Can we resubmit with /proc/sys/unprivileged_userns_overlayfs knob?

I wouldn't really put money on it, as Eric would probably prefer that we just make overlayfs safe rather than have a knob to enable (potential) root exploits.

[AkihiroSuda]

Thanks for the info.

Also, starting with v0.7 (Ubuntu 18.04), ZFS on Linux allows unprivileged users to manipulate filesystems. (zfs allow).
It should be probably faster and stabler than FUSE overlay.

[cyphar]

Eric has just re-sent the new FUSE patchset.

[alban]

@jessfraz did you do your demo using Ubuntu? To have the patch set to be able to mount FUSE in a non-init userns?

[jessfraz]

The demo was using native, I took away all the mounts today in native as a stop gap til everything else works with mounts :)