From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Matt Helsley <matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Cc: Linux Containers <containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org>
Subject: Re: [PATCH 4/6] user namespaces: add user_ns to super block
Date: Mon, 28 Jul 2008 16:03:45 -0700 [thread overview]
Message-ID: <m1skttehm6.fsf@frodo.ebiederm.org> (raw)
In-Reply-To: <1217285230.25300.19.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org> (Matt Helsley's message of "Mon, 28 Jul 2008 15:47:10 -0700")
Matt Helsley <matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> writes:
> Would this require passing the vfsmount to the filesystems themselves,
> or would they be within the VFS code only?
The interesting bit is the user_namespace contained in the vfsmount. We
can pass that down. I think semantically it makes sense for a filesystem
mount to only operate in a single mount namespace.
> If not wholly within the VFS
> I wonder if Al Viro would object to this. He's resisted past attempts to
> pass the vfsmount structs into more filesystem code paths and I'm
> guessing that could affect whether or not this approach can be
> implemented.
Dave Hansen raised that concern when we were talking about it earlier. Since
we just care about a property of the mount it isn't a big deal.
Actually thinking about this a little farther it may be simplest to have the
mnt_namespace capture the user_namespace, although that doesn't seem to map
semantically very well with cloning of the filesystem.
This is very much a question of how do we map the uid/gids store in the filesystem
into the uids/gids in the kernel. Which user namespace do they belong in.
Especially in the case of read only mounts we can safely share a filesystem between
user_namespaces with no changes to the filesystem. Which I suspect is the
first case we want to allow as that is a tremendous savings in space if you have
lots of instances of the same distro, and people have been doing it with /usr
for years.
Eric
next prev parent reply other threads:[~2008-07-28 23:03 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-07-26 0:27 [PATCH 0/6] user namespaces: introduction Serge E. Hallyn
[not found] ` <20080726002700.GA29686-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-26 0:27 ` [PATCH 1/6] user namespaces: introduce user_struct->user_namespace relationship Serge E. Hallyn
[not found] ` <20080726002725.GA29874-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-26 2:07 ` [Devel] " Alexey Dobriyan
[not found] ` <20080726020731.GA5115-QDJVlCTZ4KWTKS93B3g+7KFoa47nwP16@public.gmane.org>
2008-07-26 3:31 ` Serge E. Hallyn
2008-07-26 0:27 ` [PATCH 2/6] user namespaces: move user_ns from nsproxy into user struct Serge E. Hallyn
[not found] ` <20080726002735.GB29874-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-28 21:41 ` Eric W. Biederman
[not found] ` <m1k5f5it4i.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-07-29 17:59 ` Serge E. Hallyn
2008-07-26 0:27 ` [PATCH 3/6] user namespaces: rig generic_permission for simple userns check Serge E. Hallyn
2008-07-26 0:27 ` [PATCH 4/6] user namespaces: add user_ns to super block Serge E. Hallyn
[not found] ` <20080726002754.GD29874-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-28 21:53 ` Eric W. Biederman
[not found] ` <m13altislf.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-07-28 22:47 ` Matt Helsley
[not found] ` <1217285230.25300.19.camel-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2008-07-28 23:03 ` Eric W. Biederman [this message]
[not found] ` <m1skttehm6.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-07-29 18:09 ` Serge E. Hallyn
2008-07-29 18:05 ` Serge E. Hallyn
[not found] ` <20080729180515.GB365-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-07-29 19:22 ` Eric W. Biederman
[not found] ` <m13alscx7e.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-08-02 0:06 ` Serge E. Hallyn
[not found] ` <20080802000609.GA10211-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2008-08-02 1:49 ` Eric W. Biederman
[not found] ` <m1wsj0i3td.fsf-B27657KtZYmhTnVgQlOflh2eb7JE58TQ@public.gmane.org>
2008-08-03 0:37 ` Serge E. Hallyn
2008-07-26 0:28 ` [PATCH 5/6] user namespaces: refuse create in other user_ns Serge E. Hallyn
2008-07-26 0:28 ` [PATCH 6/6] user_namespace: move put_user_ns outside lock Serge E. Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1skttehm6.fsf@frodo.ebiederm.org \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=matthltc-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.