From: "Serge E. Hallyn" <serge@hallyn.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Linux Containers <containers@lists.linux-foundation.org>,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: Re: Use cases for multiple uid mapping?
Date: Tue, 1 Sep 2020 01:06:31 -0500 [thread overview]
Message-ID: <20200901060631.GA5193@mail.hallyn.com> (raw)
In-Reply-To: <87zh6eiyv7.fsf@x220.int.ebiederm.org>
On Fri, Aug 28, 2020 at 10:17:16AM -0500, Eric W. Biederman wrote:
>
> We had a discussion in the hackroom at LPC talking about use cases for
> a shiftfs style setup where there are different mappings of uids to
> disk.
>
> In the discussion we had a couple of ideas of kernel developments
> we should look at that address some of these.
>
> - Fix rlimits in user namespaces (This potentially allows multiple
> containers to run with the same userids simplifying the mapping
> problem).
>
> - Look at extending kuid_t to 64bits and using the highbits to
> implement uids that are private to user namespaces and don't
> map out.
>
> - Look at ways for allowing setgroups unprivileged.
>
>
> Together this has the potential that the existing uid & gid mappings
> will be able to function the same as the proposed fusid mappings. Fingers crossed.
>
>
> I had some problems with audio and a lot of people were talking
> quickly. So I did not manage to capture everyone's use cases. And I
> definitely was not able to see how everyone's use cases interacted with
> the changes we are looking at.
>
> I know for certain I missed Serge's usecase (apologies).
>
> Can people follow up to this and report their use cases?
Sorry - I'll do so later this week.
> There are some real challenges and I would like to see if we
> can solve them, while avoiding scary problems like changing
> uids on write.
>
> Eric
>
>
>
>
>
>
>
>
>
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linuxfoundation.org/mailman/listinfo/containers
next prev parent reply other threads:[~2020-09-01 6:07 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-28 15:17 Use cases for multiple uid mapping? Eric W. Biederman
2020-08-28 15:55 ` Stéphane Graber via Containers
2020-08-28 17:03 ` Sargun Dhillon
2020-08-30 5:48 ` James Bottomley
2020-09-01 6:06 ` Serge E. Hallyn [this message]
2020-09-01 14:53 ` Eric W. Biederman
2020-09-24 17:09 ` Alban Crequy
2020-09-25 8:13 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200901060631.GA5193@mail.hallyn.com \
--to=serge@hallyn.com \
--cc=christian.brauner@ubuntu.com \
--cc=containers@lists.linux-foundation.org \
--cc=ebiederm@xmission.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.