From: Dwight Engen <dwight.engen@oracle.com>
To: Serge Hallyn <serge.hallyn@ubuntu.com>
Cc: "Eric W. Biederman" <ebiederm@gmail.com>,
	Brian Foster <bfoster@redhat.com>,
	"Michael Kerrisk (man-pages)" <mtk.manpages@gmail.com>,
	xfs@oss.sgi.com
Subject: Re: [PATCH v2 RFC] userns: Convert xfs to use kuid/kgid where appropriate
Date: Fri, 28 Jun 2013 12:16:21 -0400
Message-ID: <20130628121621.6a6b6046@oracle.com>
In-Reply-To: <20130628152552.GB26841@sergelap>

On Fri, 28 Jun 2013 10:25:52 -0500
Serge Hallyn <serge.hallyn@ubuntu.com> wrote:

> Quoting Dave Chinner (david@fromorbit.com):
> > On Thu, Jun 27, 2013 at 08:02:05AM -0500, Serge Hallyn wrote:
> > > Quoting Dave Chinner (david@fromorbit.com):
> > > > On Wed, Jun 26, 2013 at 05:30:17PM -0400, Dwight Engen wrote:
> > > > > On Wed, 26 Jun 2013 12:09:24 +1000
> > > > > Dave Chinner <david@fromorbit.com> wrote:
> > > > > > > We do need to decide on the di_uid that comes back from
> > > > > > > bulkstat. Right now it is returning on disk (==
> > > > > > > init_user_ns) uids. It looks to me like xfsrestore is
> > > > > > > using the normal vfs routines (chown,
> > > 
> > > I might not be helpful here, (as despite having used xfs for years
> > > I've not used these features) but feel like I should try based on
> > > what I see in the manpages.  Here is my understanding:
> > > 
> > > Assume you're a task in a child userns, where you have host uids
> > > 100000-110000 mapped to container uids 0-10000,
> > > 
> > > 1. bulkstat is an xfs_ioctl command, right?  It should return the
> > > mapped uids (0-10000).
> > > 
> > > 2. xfsdump should store the uids as seen in the caller's
> > > namespace.  If xfsdump is done from the container, the dump
> > > should show uids 0-10000.
> > 
> > So when run from within a namespace, it should filter and return
> > only inodes that match the uids/gids mapped into the namespace?
> 
> I would think they should all be returned, with uid/gid being -1.

I agree, so I think bulkstat should return the uids with
from_kuid_munged(current_user_ns(), VFS_I(ip)), so it returns the
same values that stat(2) would. This would mean callers in
init_user_ns see the same values they do today. Callers inside
a userns will see mapped values, but note that they have to be
CAP_SYS_ADMIN in init_user_ns, which I wouldn't expect to normally be
the case.

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs
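
A user-space model of the uid translation discussed in this message, added here as an example; it is not part of the original email, the patch, or the kernel source. It shows what a bulkstat caller would see for on-disk uids under the identity map of init_user_ns and under the child mapping from the quoted example, including the unmapped case, where the kernel's from_kuid() yields (uid_t)-1 and from_kuid_munged() substitutes the overflow uid (default 65534). All model_* names are hypothetical, and the extent count of 10001 is an assumption that reads the quoted 0-10000 range as inclusive.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_INVALID_UID  ((uint32_t)-1)
#define MODEL_OVERFLOW_UID 65534u /* kernel default overflowuid */

/* One mapping extent, laid out like a line of /proc/<pid>/uid_map. */
struct model_extent {
    uint32_t first;       /* first uid as seen inside the namespace */
    uint32_t lower_first; /* first uid in the parent (on-disk) range */
    uint32_t count;       /* number of consecutive uids mapped */
};

struct model_userns {
    const struct model_extent *extents;
    size_t nr;
};

/* Constructed sample maps: identity for init_user_ns, and the child
 * namespace from the thread (host 100000.. -> container 0..). */
static const struct model_extent init_extents[]  = { { 0, 0, UINT32_MAX } };
static const struct model_extent child_extents[] = { { 0, 100000, 10001 } };
const struct model_userns model_init_ns  = { init_extents, 1 };
const struct model_userns model_child_ns = { child_extents, 1 };

/* Models from_kuid(): translate, or return -1 when no extent covers it. */
uint32_t model_from_kuid(const struct model_userns *ns, uint32_t kuid)
{
    for (size_t i = 0; i < ns->nr; i++) {
        const struct model_extent *e = &ns->extents[i];
        if (kuid >= e->lower_first && kuid - e->lower_first < e->count)
            return e->first + (kuid - e->lower_first);
    }
    return MODEL_INVALID_UID;
}

/* Models from_kuid_munged(): unmapped ids become the overflow uid,
 * which is what stat(2) reports for them inside the namespace. */
uint32_t model_from_kuid_munged(const struct model_userns *ns, uint32_t kuid)
{
    uint32_t uid = model_from_kuid(ns, kuid);
    return uid == MODEL_INVALID_UID ? MODEL_OVERFLOW_UID : uid;
}

int main(void)
{
    const uint32_t on_disk[] = { 0, 1000, 100000, 105000, 110000, 110001 };
    for (size_t i = 0; i < sizeof(on_disk) / sizeof(on_disk[0]); i++)
        printf("on-disk %u: init_ns=%u child_ns=%u\n", (unsigned)on_disk[i],
               (unsigned)model_from_kuid_munged(&model_init_ns, on_disk[i]),
               (unsigned)model_from_kuid_munged(&model_child_ns, on_disk[i]));
    return 0;
}
```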
