
Fuse is how it works on Linux. Fuse is the mechanism the kernel provides to do this. So the proviso "without needing ... fuse ... to make it happen as a regular user" is terminal.


You can't mount even a fuse filesystem without root privileges (or an equivalent narrow capability). Mount is a privileged operation in Linux, and it has to be for the reasons I've outlined.

In plan9 mount is not a privileged operation. Anyone can do it at any time for any reason. It does not impact or interact with the security of the system (except that you can implicitly remove access to things by unmounting them).


Ahh finally a real use case in this thread.

Last time I ran into the “edit an ext4 image as an unprivileged user” problem I used a small VM.

There are people trying to fix this problem and there’s a legitimate reason why it’s hard: https://lwn.net/Articles/755593/

IIRC the patches needed for what’s described in that article are already there on Ubuntu.


I mean, yes? People are 'trying', and they're building an ever higher house of cards on which to rest this functionality. Obviously on a Turing complete machine anything is possible given enough LoC, but as we've seen recently with a CVE for privilege escalation that takes advantage of one of these new 'unprivileged user can get privileges in a namespace' tricks, there's a lot of complexity and likely a lot of security issues hiding behind it.

Plan9's design makes all of this very simple, and a big part of why is the specific choice to eschew standard UNIX semantics and use a different kind of mechanism for privilege management that allowed for flexible namespaces managed outside the kernel. It also has the advantage of moving all filesystem operations out of the kernel.

So this really backs up my point, rather than contradicts it: It's only through mitigating and otherwise contradicting traditional POSIX semantics that Linux is able to approach this kind of thing.


> moving all filesystem operations out of the kernel

Well yeah, that’s exactly what FUSE + user namespaces does to solve this problem on Linux.

Of course normal filesystems don’t do this because it would be way too slow if the kernel can’t share data structures with the file system.
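The thread turns on whether a process holds the capability that mount(2) requires (CAP_SYS_ADMIN in the user namespace owning the target mount namespace). The following is an added example, written for this page and not posted by any commenter, that decodes the capability sets Linux exposes in /proc/<pid>/status so you can audit what a sandboxed process or a FUSE helper actually holds; the two status snippets are constructed samples, and the constant `CAP_SYS_ADMIN = 21` is the value from <linux/capability.h>.

```python
"""Decode Linux capability sets from /proc/<pid>/status (added example)."""
from pathlib import Path

# Subset of capability numbers from <linux/capability.h>.
CAP_NAMES = {
    0: "CAP_CHOWN", 1: "CAP_DAC_OVERRIDE", 2: "CAP_DAC_READ_SEARCH",
    7: "CAP_SETUID", 12: "CAP_NET_ADMIN", 21: "CAP_SYS_ADMIN",
}
CAP_SYS_ADMIN = 21


def parse_caps(status_text):
    """Return {"CapInh": mask, "CapPrm": mask, "CapEff": mask, ...} as ints."""
    caps = {}
    for line in status_text.splitlines():
        if line.startswith("Cap") and ":" in line:
            key, _, value = line.partition(":")
            caps[key.strip()] = int(value.strip(), 16)  # hex bitmask
    return caps


def decode(mask):
    """List the names (CAP_<n> if unknown) of every bit set in a mask."""
    return [CAP_NAMES.get(i, f"CAP_{i}") for i in range(mask.bit_length())
            if (mask >> i) & 1]


def can_mount(status_text):
    """True if the effective set carries CAP_SYS_ADMIN.

    Note: a full CapEff inside an unprivileged user namespace (e.g. after
    `unshare -Ur`) only authorises operations on objects owned by that
    namespace; it does not grant mount rights in the initial namespace.
    """
    eff = parse_caps(status_text).get("CapEff", 0)
    return bool((eff >> CAP_SYS_ADMIN) & 1)


def current_process_can_mount():
    """Check the running process via /proc/self/status (Linux only)."""
    return can_mount(Path("/proc/self/status").read_text())


# Constructed samples: a plain user's shell, and the same shell inside a
# freshly created user namespace where it holds the full capability set.
UNPRIV_STATUS = ("Name:\tbash\nUid:\t1000\t1000\t1000\t1000\n"
                 "CapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
                 "CapEff:\t0000000000000000\n")
USERNS_STATUS = ("Name:\tbash\nUid:\t0\t0\t0\t0\n"
                 "CapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
                 "CapEff:\t000001ffffffffff\n")
```

The same decoder applied to CapBnd shows which capabilities a container runtime has dropped, which is usually the more interesting audit question than the effective set alone.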
