From: Alin Dobre <alin.dobre@elastichosts.com>
To: linux-fsdevel@vger.kernel.org,
	containers@lists.linux-foundation.org,
	v9fs-developer@lists.sourceforge.net,
	"Eric W. Biederman" <ebiederm@xmission.com>,
	Eric Van Hensbergen <ericvh@gmail.com>
Subject: User namespace over 9p
Date: Tue, 27 May 2014 11:25:08 +0100
Message-ID: <53846804.6080408@elastichosts.com>

Hello,

Continuing the struggle to run containers over the 9p filesystem I am
now running into another issue.

A simple container with user namespace mapping UID -2 (4294967294) to
root can run a container image found in /tmp/src without any problems.
When I export that /tmp/src path via 9p and mount it in /tmp/dst,
running the same container over /tmp/dst fails to allow chown (and
probably chmod) system calls to be successful. This happens because 9p
considers that the UID which runs the system calls is actually -2, but
it's actually 0, because the lchown system call is run inside the
namespace, not outside it. So, 9p should consider that the UID which
does the system call is root.

Do I understand this correctly as a problem, or does it work as
intended? If the latter, do you have any insights on how to achieve running
containers in this scenario?

Cheers,
Alin.
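
The UID mapping described in the message, worked through as an added example (not part of the original message, and not kernel or 9p code). The uid_map line is a constructed sample in the /proc/<pid>/uid_map format, and parse_uid_map and translate are hypothetical helper names; the block shows that UID 0 inside the namespace is UID 4294967294 outside it, while outside UID 0 has no mapping inside.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

#define ID_UNMAPPED UINT32_MAX /* (uid_t)-1: the ID has no mapping */

/* One uid_map line: "<first ID inside ns> <first ID outside ns> <count>" */
struct id_extent { uint32_t ns_first, host_first, count; };

/* Constructed sample: UID 0 in the namespace is UID 4294967294 ((uid_t)-2) outside. */
static const char SAMPLE_UID_MAP[] = "0 4294967294 1\n";

/* Parse uid_map text into extents; returns how many lines were read. */
static int parse_uid_map(const char *text, struct id_extent *out, int max)
{
    int n = 0, used = 0;
    while (n < max && sscanf(text, "%" SCNu32 " %" SCNu32 " %" SCNu32 "%n",
                             &out[n].ns_first, &out[n].host_first,
                             &out[n].count, &used) == 3) {
        text += used;
        n++;
    }
    return n;
}

/* Translate a UID across the namespace boundary; to_host=1 maps inside -> outside. */
static uint32_t translate(const struct id_extent *m, int n, uint32_t id, int to_host)
{
    for (int i = 0; i < n; i++) {
        uint32_t from = to_host ? m[i].ns_first : m[i].host_first;
        uint32_t to = to_host ? m[i].host_first : m[i].ns_first;
        if (id >= from && id - from < m[i].count) /* overflow-safe range check */
            return to + (id - from);
    }
    return ID_UNMAPPED;
}

int main(void)
{
    struct id_extent m[8];
    int n = parse_uid_map(SAMPLE_UID_MAP, m, 8);
    printf("inside 0 -> outside %" PRIu32 ", outside 0 -> inside %" PRIu32 "\n",
           translate(m, n, 0, 1), translate(m, n, 0, 0));
    return 0;
}
```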
