From: Jeff Layton <jlayton@kernel.org>
To: Josef Bacik <josef@toxicpanda.com>,
linux-fsdevel@vger.kernel.org, brauner@kernel.org,
kernel-team@fb.com
Subject: Re: [PATCH 0/8] Support foreign mount namespace with statmount/listmount
Date: Tue, 25 Jun 2024 09:37:14 -0400 [thread overview]
Message-ID: <c524f7f9546407c912d053e2fe516877fb41aec7.camel@kernel.org> (raw)
In-Reply-To: <cover.1719243756.git.josef@toxicpanda.com>
On Mon, 2024-06-24 at 11:49 -0400, Josef Bacik wrote:
> Hello,
>
> Currently the only way to iterate over mount entries in mount namespaces that
> aren't your own is to trawl through /proc in order to find /proc/$PID/mountinfo
> for the mount namespace that you want. This is hugely inefficient, so extend
> both statmount() and listmount() to allow specifying a mount namespace id in
> order to get to mounts in other mount namespaces.
>
> There are a few components to this
>
> 1. Having a global index of the mount namespace based on the ->seq value in the
> mount namespace. This gives us a unique identifier that isn't re-used.
> 2. Support looking up mount namespaces based on that unique identifier, and
> validating the user has permission to access the given mount namespace.
> 3. Provide a new ioctl() on nsfs in order to extract the unique identifier we
> can use for statmount() and listmount().
>
> The code is relatively straightforward, and there is a selftest provided to
> validate everything works properly.
>
> This is based on vfs.all as of last week, so must be applied onto a tree that
> has Christians error handling rework in this area. If you wish you can pull the
> tree directly here
>
> https://github.com/josefbacik/linux/tree/listmount.combined
>
> Christian and I collaborated on this series, which is why there's patches from
> both of us in this series.
>
> Josef
>
> Christian Brauner (4):
> fs: relax permissions for listmount()
> fs: relax permissions for statmount()
> fs: Allow listmount() in foreign mount namespace
> fs: Allow statmount() in foreign mount namespace
>
> Josef Bacik (4):
> fs: keep an index of current mount namespaces
> fs: export the mount ns id via statmount
> fs: add an ioctl to get the mnt ns id from nsfs
> selftests: add a test for the foreign mnt ns extensions
>
> fs/mount.h | 2 +
> fs/namespace.c | 240 ++++++++++--
> fs/nsfs.c | 14 +
> include/uapi/linux/mount.h | 6 +-
> include/uapi/linux/nsfs.h | 2 +
> .../selftests/filesystems/statmount/Makefile | 2 +-
> .../filesystems/statmount/statmount.h | 46 +++
> .../filesystems/statmount/statmount_test.c | 53 +--
> .../filesystems/statmount/statmount_test_ns.c | 360 ++++++++++++++++++
> 9 files changed, 659 insertions(+), 66 deletions(-)
> create mode 100644 tools/testing/selftests/filesystems/statmount/statmount.h
> create mode 100644 tools/testing/selftests/filesystems/statmount/statmount_test_ns.c
>
Nice work! I had a minor question about the locking, but this all looks
pretty straightfoward.
As a side question. Is there any progress on adding proper glibc
bindings for the new syscalls? We'll want to make sure they incorporate
this change, if that's being done.
Extending listmount() and statmount() via struct mnt_id_req turns out
to be pretty painless. Kudos to whoever designed that part of the
original interfaces!
Reviewed-by: Jeff Layton <jlayton@kernel.org>
next prev parent reply other threads:[~2024-06-25 13:37 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-24 15:49 [PATCH 0/8] Support foreign mount namespace with statmount/listmount Josef Bacik
2024-06-24 15:49 ` [PATCH 1/8] fs: relax permissions for listmount() Josef Bacik
2024-06-24 15:49 ` [PATCH 2/8] fs: relax permissions for statmount() Josef Bacik
2024-06-24 15:49 ` [PATCH 3/8] fs: keep an index of current mount namespaces Josef Bacik
2024-06-25 13:03 ` Jeff Layton
2024-06-25 13:39 ` Christian Brauner
2024-06-24 15:49 ` [PATCH 4/8] fs: export the mount ns id via statmount Josef Bacik
2024-06-24 15:49 ` [PATCH 5/8] fs: Allow listmount() in foreign mount namespace Josef Bacik
2024-06-24 15:49 ` [PATCH 6/8] fs: Allow statmount() " Josef Bacik
2024-06-24 15:49 ` [PATCH 7/8] fs: add an ioctl to get the mnt ns id from nsfs Josef Bacik
2024-06-25 14:10 ` Jeff Layton
2024-06-25 14:21 ` Christian Brauner
2024-06-25 14:50 ` Jeff Layton
2024-06-25 15:02 ` Christian Brauner
2024-07-30 16:45 ` Dmitry V. Levin
2024-07-31 5:51 ` Christian Brauner
2024-06-24 15:49 ` [PATCH 8/8] selftests: add a test for the foreign mnt ns extensions Josef Bacik
2024-06-25 13:37 ` Jeff Layton [this message]
2024-06-25 14:00 ` [PATCH 0/8] Support foreign mount namespace with statmount/listmount Christian Brauner
2024-06-25 20:15 ` Karel Zak
2024-06-26 12:03 ` Christian Brauner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c524f7f9546407c912d053e2fe516877fb41aec7.camel@kernel.org \
--to=jlayton@kernel.org \
--cc=brauner@kernel.org \
--cc=josef@toxicpanda.com \
--cc=kernel-team@fb.com \
--cc=linux-fsdevel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).