From: "Serge E. Hallyn" <serue@us.ibm.com>
To: Bryan Donlan <bdonlan@gmail.com>
Cc: mtk.manpages@gmail.com, ebiederm@xmission.com,
lkml <linux-kernel@vger.kernel.org>,
linux-man@vger.kernel.org, clg@fr.ibm.com, herbert@13thfloor.at,
dev@sw.ru, Subrata Modak <subrata@linux.vnet.ibm.com>,
David Howells <dhowells@redhat.com>
Subject: Re: Could you write some CLONE_NEWUSER?
Date: Thu, 4 Dec 2008 16:33:36 -0600 [thread overview]
Message-ID: <20081204223336.GA20990@us.ibm.com> (raw)
In-Reply-To: <3e8340490812041218l7b4633fev5126f25a5d33076c@mail.gmail.com>
Quoting Bryan Donlan (bdonlan@gmail.com):
> This is something more of a general question than one about this
> manpage, but how will files owned by user namespaces be represented on
> the underlying filesystem? Since (C, 501) will be meaningless after a
> reboot at the latest, it makes little sense to persist them...
Yeah that's a very interesting question. Clearly persistant names for
the user namespaces are needed. Eric very much wanted to avoid having
the user namespaces be explicitly named, so we pursued the path of
having the filesystem handle the naming. So in my last patchset,
a mount option could register the mounter's user namespace name.
There would be a system-wide policy saying for instance that (B,500)
user namespaces owned by can register themselves at C.
(end of discussion arising from that patchset is here: )
https://lists.linux-foundation.org/pipermail/containers/2008-August/012793.html
In the simplest case of no fs support for user namespaces, the mount
will be 'owned' by the userns which mounted it (no persistant name
needed for that). Users who are in a different namespace will only get
the 'user other' permission to the file/dir, and may not create files
there (since we wouldn't know which userid to place on it).
Then the fs can support user namespaces - however it wants. It could
just store (B, 500),(C, 501) in an xattr. Or it could just store the
userid and userns name of the lowest user (I.e. C and 0), and count on
knowning that (B, 500) owns user namespace C. We do want to provide
generic helpers in lib/fsuserns.c which any fs could use.
But yes, picking a meaningful persistant name for a user namespace
is an issue.
-serge
prev parent reply other threads:[~2008-12-04 22:33 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-12-04 15:20 Could you write some CLONE_NEWUSER? Michael Kerrisk
2008-12-04 15:34 ` Serge E. Hallyn
2008-12-04 15:41 ` Michael Kerrisk
2008-12-04 19:04 ` Serge E. Hallyn
2008-12-04 20:18 ` Bryan Donlan
2008-12-04 22:33 ` Serge E. Hallyn [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20081204223336.GA20990@us.ibm.com \
--to=serue@us.ibm.com \
--cc=bdonlan@gmail.com \
--cc=clg@fr.ibm.com \
--cc=dev@sw.ru \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=herbert@13thfloor.at \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-man@vger.kernel.org \
--cc=mtk.manpages@gmail.com \
--cc=subrata@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox