From: Joel Becker <jlbec-aKy9MeLSZ9dg9hUCZPvPmw@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
Mark Fasheh <mfasheh-IBi9RG/b67k@public.gmane.org>,
Linux Containers
<containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org>,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH RFC 09/12] userns: Convert ocfs2 to use kuid and kgid where appropriate
Date: Wed, 21 Nov 2012 11:59:41 -0800 [thread overview]
Message-ID: <20121121195940.GO2822@localhost> (raw)
In-Reply-To: <1353415420-5457-9-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
On Tue, Nov 20, 2012 at 04:43:37AM -0800, Eric W. Biederman wrote:
> diff --git a/fs/ocfs2/acl.c b/fs/ocfs2/acl.c
> index 260b162..8a40457 100644
> --- a/fs/ocfs2/acl.c
> +++ b/fs/ocfs2/acl.c
> @@ -65,7 +65,20 @@ static struct posix_acl *ocfs2_acl_from_xattr(const void *value, size_t size)
>
> acl->a_entries[n].e_tag = le16_to_cpu(entry->e_tag);
> acl->a_entries[n].e_perm = le16_to_cpu(entry->e_perm);
> - acl->a_entries[n].e_id = le32_to_cpu(entry->e_id);
> + switch(acl->a_entries[n].e_tag) {
> + case ACL_USER:
> + acl->a_entries[n].e_uid =
> + make_kuid(&init_user_ns,
> + le32_to_cpu(entry->e_id));
> + break;
Stupid question: do you consider disjoint namespaces on multiple
machines to be a problem? Remember that ocfs2 is a cluster filesystem.
If I have uid 100 on machine A in the default namespace, and then I
mount the filesystem on machine B with uid 100 in a different namespace,
what happens? I presume that both can access as the same nominal uid,
and configuring this correctly is left as an exercise to the namespace
administrator?
> diff --git a/fs/ocfs2/dlmglue.c b/fs/ocfs2/dlmglue.c
> index 4f7795f..f99af1c 100644
> --- a/fs/ocfs2/dlmglue.c
> +++ b/fs/ocfs2/dlmglue.c
> @@ -2045,8 +2045,8 @@ static void __ocfs2_stuff_meta_lvb(struct inode *inode)
> lvb->lvb_version = OCFS2_LVB_VERSION;
> lvb->lvb_isize = cpu_to_be64(i_size_read(inode));
> lvb->lvb_iclusters = cpu_to_be32(oi->ip_clusters);
> - lvb->lvb_iuid = cpu_to_be32(inode->i_uid);
> - lvb->lvb_igid = cpu_to_be32(inode->i_gid);
> + lvb->lvb_iuid = cpu_to_be32(i_uid_read(inode));
> + lvb->lvb_igid = cpu_to_be32(i_gid_read(inode));
I have the reverse question here. Are we guaranteed that the
on-disk uid/gid will not change regardless of the namespace? That is,
if I create a file on machine A in init_user_ns as uid 100, then access
it over on machine B in some other namespace with a user-visible uid of
100, will the wire be passing 100 in both directions? This absolutely
must be true for the cluster communication to work.
Joel
--
Life's Little Instruction Book #80
"Slow dance"
http://www.jlbec.org/
jlbec-aKy9MeLSZ9dg9hUCZPvPmw@public.gmane.org
next prev parent reply other threads:[~2012-11-21 19:59 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-11-20 12:42 [PATCH RFC 0/12] Final userns conversions Eric W. Biederman
[not found] ` <87pq38wimv.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-11-20 12:43 ` [PATCH RFC 01/12] userns: Support 9p interacting with multiple user namespaces Eric W. Biederman
[not found] ` <1353415420-5457-1-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-11-20 12:43 ` [PATCH RFC 02/12] userns: Convert afs to use kuid/kgid where appropriate Eric W. Biederman
2012-11-20 12:43 ` [PATCH RFC 03/12] userns: Convert ceph " Eric W. Biederman
2012-11-20 16:48 ` Sage Weil
[not found] ` <alpine.DEB.2.00.1211200847110.7369-vIokxiIdD2AQNTJnQDzGJqxOck334EZe@public.gmane.org>
2012-11-20 17:15 ` Eric W. Biederman
2012-11-20 12:43 ` [PATCH RFC 04/12] userns: Convert cifs " Eric W. Biederman
[not found] ` <1353415420-5457-4-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-11-20 16:56 ` Steve French
2012-11-20 17:22 ` Eric W. Biederman
2012-11-25 12:47 ` Jeff Layton
2012-11-20 12:43 ` [PATCH RFC 05/12] userns: Convert coda's " Eric W. Biederman
2012-11-20 12:43 ` [PATCH RFC 06/12] userns: Convert gfs2 " Eric W. Biederman
[not found] ` <1353415420-5457-6-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-11-22 9:47 ` Steven Whitehouse
2012-11-20 12:43 ` [PATCH RFC 07/12] userns: Convert ncpfs to use kuid and kgid " Eric W. Biederman
2012-11-20 12:43 ` [PATCH RFC 08/12] userns: Convert nfs and nfsd to use kuid/kgid " Eric W. Biederman
2012-11-20 12:43 ` [PATCH RFC 09/12] userns: Convert ocfs2 to use kuid and kgid " Eric W. Biederman
2012-11-21 19:51 ` Joel Becker
2013-02-13 17:12 ` Eric W. Biederman
[not found] ` <1353415420-5457-9-git-send-email-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2012-11-21 19:59 ` Joel Becker [this message]
2013-02-13 17:41 ` Eric W. Biederman
2012-11-20 12:43 ` [PATCH RFC 10/12] userns: Convert xfs to use kuid/kgid/kprojid " Eric W. Biederman
2012-11-20 23:55 ` Dave Chinner
2012-11-21 19:52 ` Joel Becker
2013-02-13 18:13 ` Eric W. Biederman
[not found] ` <87obfoxetf.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-02-14 2:19 ` Dave Chinner
2013-02-18 1:25 ` Eric W. Biederman
[not found] ` <87621qpg4o.fsf-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
2013-02-19 3:30 ` Dave Chinner
2012-11-20 12:43 ` [PATCH RFC 11/12] userns: Now that everything has been converted remove the unnecessary infrastructure Eric W. Biederman
2012-11-20 12:43 ` [PATCH RFC 12/12] userns: Remove the EXPERMINTAL kconfig tag Eric W. Biederman
2012-11-21 0:09 ` [PATCH RFC 0/12] Final userns conversions Dave Chinner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20121121195940.GO2822@localhost \
--to=jlbec-aky9melsz9dg9huczpvpmw@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
--cc=ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org \
--cc=linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
--cc=mfasheh-IBi9RG/b67k@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).