From mboxrd@z Thu Jan 1 00:00:00 1970
From: Alin Dobre
Subject: User namespace over 9p
Date: Tue, 27 May 2014 11:25:08 +0100
Message-ID: <53846804.6080408@elastichosts.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
To: linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, v9fs-developer@lists.sourceforge.net, "Eric W. Biederman" , Eric Van Hensbergen
Return-path:
Received: from old.lon-b.elastichosts.com ([84.45.121.3]:32956 "EHLO lon-b.elastichosts.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751726AbaE0KYs (ORCPT ); Tue, 27 May 2014 06:24:48 -0400
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID:

Hello,

Continuing the struggle to run containers over the 9p filesystem I am now running into another issue. A simple container with user namespace mapping UID -2 (4294967294) to root can run a container image found in /tmp/src without any problems. When I export that /tmp/src path via 9p and mount it in /tmp/dst, running the same container over /tmp/dst fails to allow chown (and probably chmod) system calls to be successful.

This happens because 9p considers that the UID which runs the system calls is actually -2, but it's actually 0, because the lchown system call is run inside the namespace, not outside it. So, 9p should consider that the UID which does the system call is root.

Do I understand this correctly as a problem, or does it work as intended? If the latter, do you have any insights on how to achieve running containers in this scenario?

Cheers,
Alin.
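
The UID translation the message above describes, as an added example that is not part of the original post: it models a user-namespace map in the `/proc/<pid>/uid_map` text format (`inside outside count`) and shows the same process being UID 0 inside the namespace and 4294967294 outside it. The function names and the one-line map are constructed for illustration; this is a user-space model, not kernel or 9p code.

```c
#include <stdio.h>

#define INVALID_UID  4294967295u /* (uid_t)-1: never a valid UID */
#define OVERFLOW_UID 65534u      /* default /proc/sys/kernel/overflowuid */
#define MAX_EXTENTS  8

/* One uid_map line: "<first-inside> <first-outside> <count>" */
struct extent { unsigned inside, outside, count; };

/* Parse uid_map text, one extent per line; returns the number of extents read. */
static int parse_uid_map(const char *text, struct extent *m, int max)
{
    int n = 0, used = 0;
    while (n < max && sscanf(text, "%u %u %u%n", &m[n].inside,
                             &m[n].outside, &m[n].count, &used) == 3) {
        text += used;
        n++;
    }
    return n;
}

/* UID inside the namespace -> UID seen outside it; INVALID_UID if unmapped. */
static unsigned ns_to_outside(const char *map_text, unsigned uid)
{
    struct extent m[MAX_EXTENTS];
    int n = parse_uid_map(map_text, m, MAX_EXTENTS);
    for (int i = 0; i < n; i++)
        if (uid >= m[i].inside && uid - m[i].inside < m[i].count)
            return m[i].outside + (uid - m[i].inside);
    return INVALID_UID;
}

/* Outside UID -> UID shown inside the namespace; unmapped IDs appear as the overflow UID. */
static unsigned outside_to_ns(const char *map_text, unsigned uid)
{
    struct extent m[MAX_EXTENTS];
    int n = parse_uid_map(map_text, m, MAX_EXTENTS);
    for (int i = 0; i < n; i++)
        if (uid >= m[i].outside && uid - m[i].outside < m[i].count)
            return m[i].inside + (uid - m[i].outside);
    return OVERFLOW_UID;
}

int main(void)
{
    const char *map = "0 4294967294 1\n"; /* constructed: namespace root is -2 outside */
    printf("ns uid 0      -> outside uid %u\n", ns_to_outside(map, 0));
    printf("outside uid 0 -> ns uid %u\n", outside_to_ns(map, 0));
    return 0;
}
```

Any component that checks permissions against the outside value sees 4294967294 rather than 0, which is the mismatch the message reports for lchown over the 9p mount.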