From ef559f5542eea6ba021e1800e8416440f134b064 Mon Sep 17 00:00:00 2001 From: Seth Forshee Date: Fri, 22 Jul 2016 11:52:57 -0500 Subject: [PATCH] UBUNTU: SAUCE: (namespace) fuse: Permit requests from other pid namespaces BugLink: http://bugs.launchpad.net/bugs/1605344 As a precaution, the pid namespace support in fuse was written to refuse to send requests from processes whose pid has no mapping into the pid namespace of the userspace fuse process. This has caused a regression for at least one user, who is mounting a fuse filesystem within a container and exporting a file within the fuse fs to the host via a loop device. Change this to send the request when the pid has no mapping and fill in the pid field in the fuse request with 0. This behavior was settled on in consultation with upstream. The risk of doing this is that a fuse fs which receives this invalid pid might not be prepared to handle it, but it would already be receiving pids not valid in its namespace if used in this manner. Signed-off-by: Seth Forshee --- fs/fuse/dev.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 11b4cb0..84bdb5d 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -186,8 +186,7 @@ static struct fuse_req *__fuse_get_req(struct fuse_conn *fc, unsigned npages, __set_bit(FR_WAITING, &req->flags); if (for_background) __set_bit(FR_BACKGROUND, &req->flags); - if (req->in.h.pid == 0 || req->in.h.uid == (uid_t)-1 || - req->in.h.gid == (gid_t)-1) { + if (req->in.h.uid == (uid_t)-1 || req->in.h.gid == (gid_t)-1) { fuse_put_request(fc, req); return ERR_PTR(-EOVERFLOW); } -- 2.7.4