From: Jan Kara <jack@suse.cz>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Andrew Morton <akpm@linux-foundation.org>,
linux-kernel@vger.kernel.org, Balbir Singh <balbir@in.ibm.com>,
containers@lists.osdl.org
Subject: Re: [PATCH] Send quota messages via netlink
Date: Wed, 5 Sep 2007 15:32:01 +0200 [thread overview]
Message-ID: <20070905133201.GA24462@duck.suse.cz> (raw)
In-Reply-To: <20070904234852.GA12592@vino.hallyn.com>
On Tue 04-09-07 18:48:52, Serge E. Hallyn wrote:
> Quoting Jan Kara (jack@suse.cz):
> > On Tue 04-09-07 16:32:10, Serge E. Hallyn wrote:
> > > Quoting Jan Kara (jack@suse.cz):
> > > > On Thu 30-08-07 17:14:47, Serge E. Hallyn wrote:
> > > > > Quoting Jan Kara (jack@suse.cz):
> > > > > > I imagine it so that you have a machine and on it several virtual
> > > > > > machines which are sharing a filesystem (or it could be a cluster). Now you
> > > > > > want UIDs to be independent between these virtual machines. That's it,
> > > > > > right?
> > > > > > Now to continue the example: Alice has UID 100 on machineA, Bob has
> > > > > > UID 100 on machineB. These translate to UIDs 1000 and 1001 on the common
> > > > > > filesystem. Process of Alice writes to a file and Bob becomes to be over
> > > > > > quota. In this situation, there would be probably two processes (from
> > > > > > machineA and machineB) listening on the netlink socket. We want to send a
> > > > > > message so that on Alice's desktop we can show a message: "You caused
> > > > > > Bob to exceed his quotas" and of Bob's desktop: "Alice has caused that you
> > > > > > are over quota.".
> > > > >
> > > > > Since this is over NFS, you handle it the way you would any other time
> > > > > that user Alice on some other machine managed to do this.
> > > > I meant this would actually happen over a local filesystem (imagine
> > > > something like "hostfs" from UML).
> > >
> > > Ok, then that is where I was previously suggesting that we use an api to
> > > report a uid meaningful in bob's context, where we currently (in the
> > > absense of meaningful mount uids and uid equivalence) tell Bob that root
> > > was the one who brought him over quota. From a user pov 'nobody' would
> > > make more sense, but I don't think we want the kernel to know about user
> > > nobody, right?
> > But what is the problem with using the filesystem ids? All virtual
> > machines in my example should have a notion of those...
>
> I don't know what you mean by filesystem ids. Do you mean the uid
> stored on the fs? I imagine a network fs could get fancy and store
> something more detailed than the unix uid, based on the user's keys.
>
> Do you mean the inode->i_uid? Nothing wrong with that. Then we just
> assume that either you are in the superblock or mount's user namespace
> (depending on how we implement it, probably superblock), or can figure
> out what that is.
I meant the identity the process uses to access the filesystem (to
identify the user who caused the limit excess) and also the identity stored
in the quota file (to identify whose quota was exceeded).
Anyway, any identity more complicated than just a number needs changes in
both quota file format and filesystems so at that moment, we can also
change the netlink interface...
> Sure, and in many ways. But if working with NFS, as far as I know the
> most common way to solve it is to enforce a common /etc/passwd across
> all the valid NFS clients :)
Then one wonders whether user namespaces are really what users want ;).
Honza
--
Jan Kara <jack@suse.cz>
SuSE CR Labs
next prev parent reply other threads:[~2007-09-05 13:12 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-08-28 14:13 [PATCH] Send quota messages via netlink Jan Kara
2007-08-29 4:13 ` Andrew Morton
2007-08-29 4:54 ` David Miller
2007-08-29 5:41 ` Eric W. Biederman
2007-08-29 6:30 ` Balbir Singh
2007-08-29 12:46 ` Jan Kara
2007-08-31 6:59 ` Balbir Singh
2007-09-03 10:18 ` Jan Kara
2007-08-29 12:26 ` Jan Kara
2007-08-29 15:57 ` Randy Dunlap
2007-08-29 18:31 ` Eric W. Biederman
2007-08-29 19:26 ` Jan Kara
2007-08-29 21:06 ` Eric W. Biederman
2007-08-29 21:19 ` Valdis.Kletnieks
2007-08-30 9:25 ` Jan Kara
2007-08-30 17:33 ` Eric W. Biederman
2007-08-30 18:54 ` Serge E. Hallyn
2007-08-30 19:18 ` Serge E. Hallyn
2007-08-30 19:10 ` Serge E. Hallyn
2007-08-30 22:18 ` Jan Kara
2007-08-30 22:14 ` Serge E. Hallyn
2007-09-03 14:21 ` Jan Kara
2007-09-04 21:32 ` Serge E. Hallyn
2007-09-04 22:49 ` Jan Kara
2007-09-04 23:48 ` Serge E. Hallyn
2007-09-05 13:32 ` Jan Kara [this message]
2007-09-05 14:28 ` Serge E. Hallyn
2007-08-29 4:51 ` Andrew Morton
2007-08-29 10:03 ` Jan Kara
2007-09-03 14:43 ` Jan Kara
2007-09-03 17:12 ` Randy Dunlap
2007-09-03 17:48 ` Jan Kara
2007-09-03 18:41 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070905133201.GA24462@duck.suse.cz \
--to=jack@suse.cz \
--cc=akpm@linux-foundation.org \
--cc=balbir@in.ibm.com \
--cc=containers@lists.osdl.org \
--cc=ebiederm@xmission.com \
--cc=linux-kernel@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox