* RFC: erofs-utils:mkfs: add unprivileged container use-case support @ 2022-08-09 17:59 Naoto Yamaguchi 2022-08-09 18:14 ` Gao Xiang 0 siblings, 1 reply; 9+ messages in thread From: Naoto Yamaguchi @ 2022-08-09 17:59 UTC (permalink / raw) To: linux-erofs Hi all. I investigate each read only filesystem for linux at linux container use-case. The erofs is most interesting filesystem. A each files of guest root filesystem need to shift uid/gid in case of unprivileged container to use uid/gid namespace. I work adding uid/gid offsetting support to erofs-utils mkfs tool now. Will be this patch accept in upstream community? Thanks, Naoto Yamaguchi, a member of Automotive Grade Linux Instrument Cluster EG. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: RFC: erofs-utils:mkfs: add unprivileged container use-case support 2022-08-09 17:59 RFC: erofs-utils:mkfs: add unprivileged container use-case support Naoto Yamaguchi @ 2022-08-09 18:14 ` Gao Xiang 2022-08-09 18:21 ` Gao Xiang 2022-08-09 18:37 ` Naoto Yamaguchi 0 siblings, 2 replies; 9+ messages in thread From: Gao Xiang @ 2022-08-09 18:14 UTC (permalink / raw) To: Naoto Yamaguchi; +Cc: linux-erofs Hi Naoto, On Wed, Aug 10, 2022 at 02:59:42AM +0900, Naoto Yamaguchi wrote: > Hi all. > > I investigate each read only filesystem for linux at linux container > use-case. The erofs is most interesting filesystem. First of all, many thanks for your interest! Yes, now EROFS is actively developing for container use cases as well, and we're happy to accept/maintain any useful features about this area! > A each files of guest root filesystem need to shift uid/gid in case of > unprivileged container to use uid/gid namespace. I work adding > uid/gid offsetting support to erofs-utils mkfs tool now. > Will be this patch accept in upstream community? Could you give more details about this? EROFS already supports idmapped mount for container use cases since 5.19, so I guess uid/gid offsets can be set by this? I'm still somewhat new to container world, it would be helpful to drop more hints of this ;) Thanks, Gao Xiang > > Thanks, > Naoto Yamaguchi, > a member of Automotive Grade Linux Instrument Cluster EG. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: RFC: erofs-utils:mkfs: add unprivileged container use-case support 2022-08-09 18:14 ` Gao Xiang @ 2022-08-09 18:21 ` Gao Xiang 2022-08-09 18:37 ` Naoto Yamaguchi 1 sibling, 0 replies; 9+ messages in thread From: Gao Xiang @ 2022-08-09 18:21 UTC (permalink / raw) To: Naoto Yamaguchi, linux-erofs On Wed, Aug 10, 2022 at 02:14:09AM +0800, Gao Xiang wrote: > Hi Naoto, > > On Wed, Aug 10, 2022 at 02:59:42AM +0900, Naoto Yamaguchi wrote: > > Hi all. > > > > I investigate each read only filesystem for linux at linux container > > use-case. The erofs is most interesting filesystem. > > First of all, many thanks for your interest! Yes, now EROFS is actively > developing for container use cases as well, and we're happy to > accept/maintain any useful features about this area! > > > A each files of guest root filesystem need to shift uid/gid in case of > > unprivileged container to use uid/gid namespace. I work adding > > uid/gid offsetting support to erofs-utils mkfs tool now. > > Will be this patch accept in upstream community? > > Could you give more details about this? EROFS already supports idmapped > mount for container use cases since 5.19, so I guess uid/gid offsets > can be set by this? Oh, I guess I've got this. Yeah, I'm fine to introduce something like uid or gid offsets as two long options if needed. ;) Thanks, Gao Xiang > > I'm still somewhat new to container world, it would be helpful to drop > more hints of this ;) > > Thanks, > Gao Xiang > > > > > Thanks, > > Naoto Yamaguchi, > > a member of Automotive Grade Linux Instrument Cluster EG. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: RFC: erofs-utils:mkfs: add unprivileged container use-case support 2022-08-09 18:14 ` Gao Xiang 2022-08-09 18:21 ` Gao Xiang @ 2022-08-09 18:37 ` Naoto Yamaguchi 2022-08-09 18:47 ` Gao Xiang 1 sibling, 1 reply; 9+ messages in thread From: Naoto Yamaguchi @ 2022-08-09 18:37 UTC (permalink / raw) To: Naoto Yamaguchi, linux-erofs Hi Gao Thank you for your response. > Could you give more details about this? EROFS already supports idmapped > mount for container use cases since 5.19, so I guess uid/gid offsets > can be set by this? It's good news for me. I investigated LTS version 5.10 and 5.15. I didn’t know this new feature. My work detail, it's easy to share experimental patch in my github. https://github.com/AGLExport/erofs-utils/commit/d9080b80152c2f9065d98a7a2ac36912c74657ac That will use combination with lxc idmap option. ex: Image creation mkafs.erofs --uid-offset=100000 --gid-offset=100000 ..... Lxc config lxc.idmap = u 0 100000 65536 lxc.idmap = g 0 100000 65536 Thanks, Naoto Yamaguchi, a member of Automotive Grade Linux Instrument Cluster EG. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: RFC: erofs-utils:mkfs: add unprivileged container use-case support 2022-08-09 18:37 ` Naoto Yamaguchi @ 2022-08-09 18:47 ` Gao Xiang 2022-08-11 23:04 ` Naoto Yamaguchi 0 siblings, 1 reply; 9+ messages in thread From: Gao Xiang @ 2022-08-09 18:47 UTC (permalink / raw) To: Naoto Yamaguchi; +Cc: linux-erofs On Wed, Aug 10, 2022 at 03:37:59AM +0900, Naoto Yamaguchi wrote: > Hi Gao > > Thank you for your response. > > > Could you give more details about this? EROFS already supports idmapped > > mount for container use cases since 5.19, so I guess uid/gid offsets > > can be set by this? > > It's good news for me. I investigated LTS version 5.10 and 5.15. I > didn’t know this new feature. > > My work detail, it's easy to share experimental patch in my github. > https://github.com/AGLExport/erofs-utils/commit/d9080b80152c2f9065d98a7a2ac36912c74657ac The patch itself looks good to me (some minor, should we use signed integers instead? I'm not sure if some use cases need to shift down instead.. Also need to add some words to mkfs manpage). Feel free to submit patch, thanks for contribution in advance! Thanks, Gao Xiang > > That will use combination with lxc idmap option. > > ex: > Image creation > mkafs.erofs --uid-offset=100000 --gid-offset=100000 ..... > > Lxc config > lxc.idmap = u 0 100000 65536 > lxc.idmap = g 0 100000 65536 > > > Thanks, > Naoto Yamaguchi, > a member of Automotive Grade Linux Instrument Cluster EG. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: RFC: erofs-utils:mkfs: add unprivileged container use-case support 2022-08-09 18:47 ` Gao Xiang @ 2022-08-11 23:04 ` Naoto Yamaguchi 2022-08-12 1:29 ` Gao Xiang 2022-08-12 1:49 ` Yue Hu 0 siblings, 2 replies; 9+ messages in thread From: Naoto Yamaguchi @ 2022-08-11 23:04 UTC (permalink / raw) To: Gao Xiang; +Cc: linux-erofs Hi Gao I created patch for submit, but it couldn't send using git send-email. Google updated security, it blocked smtp based send email by git maybe.... Can I submit using github pull request to https://github.com/hsiangkao/erofs-utils ? Thanks, Naoto Yamaguchi, a member of Automotive Grade Linux Instrument Cluster EG. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: RFC: erofs-utils:mkfs: add unprivileged container use-case support 2022-08-11 23:04 ` Naoto Yamaguchi @ 2022-08-12 1:29 ` Gao Xiang 2022-08-12 1:49 ` Yue Hu 1 sibling, 0 replies; 9+ messages in thread From: Gao Xiang @ 2022-08-12 1:29 UTC (permalink / raw) To: Naoto Yamaguchi; +Cc: linux-erofs Hi Naoto, On Fri, Aug 12, 2022 at 08:04:40AM +0900, Naoto Yamaguchi wrote: > Hi Gao > > I created patch for submit, but it couldn't send using git > send-email. Google updated security, it blocked smtp based send > email by git maybe.... I'm not a gmail heavy user, but I remember it has an `app password`? Also you could use other email clients like mutt or thunderbird in plain text (as long as such email clients don't break the patch.) If none of these work, you could also submit a pull request with your signed-off-by and I will cherry-pick this, yet I think most linux-kernel related projects don't directly use github honestly. Thanks, Gao Xiang > > Can I submit using github pull request to > https://github.com/hsiangkao/erofs-utils ? > > Thanks, > Naoto Yamaguchi, > a member of Automotive Grade Linux Instrument Cluster EG. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: RFC: erofs-utils:mkfs: add unprivileged container use-case support 2022-08-11 23:04 ` Naoto Yamaguchi 2022-08-12 1:29 ` Gao Xiang @ 2022-08-12 1:49 ` Yue Hu 2022-08-14 2:33 ` Naoto Yamaguchi 1 sibling, 1 reply; 9+ messages in thread From: Yue Hu @ 2022-08-12 1:49 UTC (permalink / raw) To: Naoto Yamaguchi; +Cc: Gao Xiang, linux-erofs Hi Naoto, On Fri, 12 Aug 2022 08:04:40 +0900 Naoto Yamaguchi <wata2ki@gmail.com> wrote: > Hi Gao > > I created patch for submit, but it couldn't send using git > send-email. Google updated security, it blocked smtp based send > email by git maybe.... As Xiang said, check below about 'app password' if you want: https://fmsinc.com/MicrosoftAccess/email/smtp/app-password/index.htm Thanks. > > Can I submit using github pull request to > https://github.com/hsiangkao/erofs-utils ? > > Thanks, > Naoto Yamaguchi, > a member of Automotive Grade Linux Instrument Cluster EG. ^ permalink raw reply [flat|nested] 9+ messages in thread
* Re: RFC: erofs-utils:mkfs: add unprivileged container use-case support 2022-08-12 1:49 ` Yue Hu @ 2022-08-14 2:33 ` Naoto Yamaguchi 0 siblings, 0 replies; 9+ messages in thread From: Naoto Yamaguchi @ 2022-08-14 2:33 UTC (permalink / raw) To: Yue Hu; +Cc: Gao Xiang, linux-erofs Thank you Gao and Yue I success to submit patch using app password. Very thank you for your support. Thanks, Naoto Yamaguchi, a member of Automotive Grade Linux Instrument Cluster EG. 2022年8月12日(金) 10:47 Yue Hu <zbestahu@gmail.com>: > > Hi Naoto, > > On Fri, 12 Aug 2022 08:04:40 +0900 > Naoto Yamaguchi <wata2ki@gmail.com> wrote: > > > Hi Gao > > > > I created patch for submit, but it couldn't send using git > > send-email. Google updated security, it blocked smtp based send > > email by git maybe.... > > As Xiang said, check below about 'app password' if you want: > > https://fmsinc.com/MicrosoftAccess/email/smtp/app-password/index.htm > > Thanks. > > > > > Can I submit using github pull request to > > https://github.com/hsiangkao/erofs-utils ? > > > > Thanks, > > Naoto Yamaguchi, > > a member of Automotive Grade Linux Instrument Cluster EG. > ^ permalink raw reply [flat|nested] 9+ messages in thread
end of thread, other threads:[~2022-08-14 2:34 UTC | newest] Thread overview: 9+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2022-08-09 17:59 RFC: erofs-utils:mkfs: add unprivileged container use-case support Naoto Yamaguchi 2022-08-09 18:14 ` Gao Xiang 2022-08-09 18:21 ` Gao Xiang 2022-08-09 18:37 ` Naoto Yamaguchi 2022-08-09 18:47 ` Gao Xiang 2022-08-11 23:04 ` Naoto Yamaguchi 2022-08-12 1:29 ` Gao Xiang 2022-08-12 1:49 ` Yue Hu 2022-08-14 2:33 ` Naoto Yamaguchi
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.