)]}'
{
  "commit": "dc3a15cdd190112022ac6b7b54304efb2b76454e",
  "tree": "837c44ca6029aae35fa92c3a067fb3d96dcd0f0d",
  "parents": [
    "8b70761d058cf87c9dc3f7b962fbf3c79dc61b1c"
  ],
  "author": {
    "name": "Seth Forshee",
    "email": "seth.forshee@canonical.com",
    "time": "Fri Dec 22 15:32:33 2017 +0100"
  },
  "committer": {
    "name": "Eric W. Biederman",
    "email": "ebiederm@xmission.com",
    "time": "Mon Feb 26 17:35:04 2018 -0600"
  },
  "message": "fuse: Restrict allow_other to the superblock\u0027s namespace or a descendant\n\nUnprivileged users are normally restricted from mounting with the\nallow_other option by system policy, but this could be bypassed\nfor a mount done with user namespace root permissions. In such\ncases allow_other should not allow users outside the userns\nto access the mount as doing so would give the unprivileged user\nthe ability to manipulate processes it would otherwise be unable\nto manipulate. Restrict allow_other to apply to users in the same\nuserns used at mount or a descendant of that namespace. Also\nexport current_in_userns() for use by fuse when built as a\nmodule.\n\nCc: linux-fsdevel@vger.kernel.org\nCc: linux-kernel@vger.kernel.org\nCc: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nCc: Serge Hallyn \u003cserge@hallyn.com\u003e\nCc: Miklos Szeredi \u003cmszeredi@redhat.com\u003e\nAcked-by: Miklos Szeredi \u003cmszeredi@redhat.com\u003e\nReviewed-by: Serge Hallyn \u003cserge@hallyn.com\u003e\nReviewed-by: \"Eric W. Biederman\" \u003cebiederm@xmission.com\u003e\nSigned-off-by: Seth Forshee \u003cseth.forshee@canonical.com\u003e\nSigned-off-by: Dongsu Park \u003cdongsu@kinvolk.io\u003e\nSigned-off-by: Eric W. Biederman \u003cebiederm@xmission.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "79cca1687457ac8cb607c5327b2cd5524a8a1aa7",
      "old_mode": 33188,
      "old_path": "fs/fuse/dir.c",
      "new_id": "0cbd1ff3dd48928c6135a18cf7c116f9a89b5345",
      "new_mode": 33188,
      "new_path": "fs/fuse/dir.c"
    },
    {
      "type": "modify",
      "old_id": "246d4d4ce5c70cde4b5c9ed7fd33f54c1efe5a3e",
      "old_mode": 33188,
      "old_path": "kernel/user_namespace.c",
      "new_id": "492c255e6c5a31ee135004123193310a8e6e3ce2",
      "new_mode": 33188,
      "new_path": "kernel/user_namespace.c"
    }
  ]
}