Comment 2 for bug 800886

Robert Collins (lifeless) wrote :

This was discussed on IRC; consensus was it's fine:

08:53 < hallyn> cool, thanks. yeah i just meant top of head. if research is required i'll go read the code.
08:54 < kees> hallyn: my understanding is that the fuse perms are checked at the kernel level.
08:54 < kees> hallyn: I haven't thought much about how that might behave with a container, though.
08:54 < kees> in _theory_, it should be fine, but I've never tested it
08:55 < hallyn> kees: oh i wasn't even thinking about uid translations over namespaces. (that'll be my job :)
08:55 < hallyn> kees: I'm wondering how... 'rich' the API over /dev/fuse is. Do you trust people who connect to it?
08:56 < hallyn> kees: or does it have a small, limited API that I can sort of trust
08:56 < hallyn> by 'do you trust people' i meant 'do you *have* to trust people'
09:02 < kees> hallyn: well, it's designed for non-root users, but I haven't spent any time auditing it.
09:03 < hallyn> kees: so it's world writeable usually?
09:03 < hallyn> so it is
09:03 < kees> hallyn: yes
09:03 < hallyn> so why would i worry about it
09:03 < hallyn> kees: thx :)
09:03 < kees> heh, np
09:03 < hallyn> of course,
09:03 < hallyn> i assume the kernel code checks uids. but again that just means it's up to me to clean that up when time comes
09:03 < hallyn> neaty
09:03 < hallyn> neato, even