From: ebiederm@xmission.com (Eric W. Biederman)
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>,
"linux-kernel\@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Linux Containers <containers@lists.linux-foundation.org>,
LXC development mailing-list
<lxc-devel@lists.linuxcontainers.org>
Subject: Re: [RFC] Per-user namespace process accounting
Date: Sat, 07 Jun 2014 20:25:46 -0700 [thread overview]
Message-ID: <87vbsc6q11.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <1402177144.2236.26.camel@dabdike.int.hansenpartnership.com> (James Bottomley's message of "Sat, 07 Jun 2014 14:39:04 -0700")
James Bottomley <James.Bottomley@HansenPartnership.com> writes:
> On Tue, 2014-06-03 at 10:54 -0700, Eric W. Biederman wrote:
>>
>> 90% of that work is already done.
>>
>> As long as we don't plan to support XFS (as it XFS likes to expose it's
>> implementation details to userspace) it should be quite straight
>> forward.
>
> Any implementation which doesn't support XFS is unviable from a distro
> point of view. The whole reason we're fighting to get USER_NS enabled
> in distros goes back to lack of XFS support (they basically refused to
> turn it on until it wasn't a choice between XFS and USER_NS). If we put
> them in a position where they choose a namespace feature or XFS, they'll
> choose XFS.
This isn't the same dicotomy. This is a simple case of not being able
to use XFS mounted inside of a user namespace. Which does not cause any
regression from the current use cases. The previous case was that XFS
would not build at all.
There were valid technical reasons but part of the reason the XFS
conversion took so long was my social engineering the distro's to not
enable the latest bling until there was a chance for the initial crop of
bugs to be fixed.
> XFS developers aren't unreasonable ... they'll help if we ask. I mean
> it was them who eventually helped us get USER_NS turned on in the first
> place.
Fair enough. But XFS is not the place to start.
For most filesystems the only really hard part is finding the handful of
places where we actually need some form of error handling when on disk
uids don't map to in core kuids. Which ultimately should wind up with
maybe a 20 line patch for most filesystems.
For XFS there are two large obstacles to overcome.
- XFS journal replay does not work when the XFS filesystem is moved from
a host with one combination of wordsize and endianness to a host with
a different combination of wordsize and edianness. This makes XFS a
bad choice of a filesystem to move between hosts in a sparse file.
Every other filesystem in the kernel handles this better.
- The XFS code base has a large the largest number of any ioctls of any
filesystem in the linux kernel. This increases the amount of code
that has to be converted. Combine that with the fact that the XFS
developers chose to convert from kuids and kgids at the VFS<->FS layer
instead of at the FS<->disk layer it becomes quite easy to miss
changing code in an ioctl or a quota check by accident. Which all
adds up to the fact that converting XFS to be mountable with a non 1-1
mapping of filesystem uids and system kuids is going to be a lot more
than a simple 20 line patch.
All of that said what becomes attractive about this approach is that it
gets us to the point where people can ask questions about mounting
normal filesystems unprivileged and the entire reason it won't be
allowed are (no block devices to mount from) and concern that the
filesystem error handling code is not sufficient to ward off evil users
that create bad filesystem images.
Eric
next prev parent reply other threads:[~2014-06-08 3:26 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-05-29 6:37 [RFC] Per-user namespace process accounting Marian Marinov
2014-05-29 10:06 ` Eric W. Biederman
2014-05-29 10:40 ` Marian Marinov
2014-05-29 15:32 ` Serge Hallyn
2014-06-03 17:01 ` Pavel Emelyanov
2014-06-03 17:26 ` Serge Hallyn
2014-06-03 17:39 ` Pavel Emelyanov
2014-06-03 17:47 ` Serge Hallyn
2014-06-03 18:18 ` Eric W. Biederman
2014-06-03 17:54 ` Eric W. Biederman
2014-06-03 21:39 ` Marian Marinov
2014-06-23 4:07 ` Serge E. Hallyn
2014-06-07 21:39 ` James Bottomley
2014-06-08 3:25 ` Eric W. Biederman [this message]
2014-06-12 14:37 ` Alin Dobre
2014-06-12 15:08 ` [lxc-devel] " Serge Hallyn
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vbsc6q11.fsf@x220.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=containers@lists.linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lxc-devel@lists.linuxcontainers.org \
--cc=serge.hallyn@ubuntu.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox