[Devel] Re: [PATCH 4/6] user namespaces: add user_ns to super block
Matt Helsley
matthltc at us.ibm.com
Mon Jul 28 15:47:10 PDT 2008
On Mon, 2008-07-28 at 14:53 -0700, Eric W. Biederman wrote:
> "Serge E. Hallyn" <serue at us.ibm.com> writes:
>
> >>From 420d6e81ce29d7a6fe3ab7b43c1171e105f8b697 Mon Sep 17 00:00:00 2001
> > From: Serge Hallyn <serue at us.ibm.com>
> > Date: Thu, 24 Jul 2008 18:00:54 -0500
> > Subject: [PATCH 4/6] user namespaces: add user_ns to super block
> >
> > Add a user_ns to the super_block, and set it to the user_ns of
> > the process which mounted the fs.
> >
> > In generic_permission() compare the current user_ns to that
> > of the user_ns which mounted the inode's filesystem.
>
> I don't think this is the right approach.
>
> When we had the conversation earlier this was conceptually rejected
> as it prevents nfs superblock unification.
>
> We really want to store this in the vfsmount and pass the user namespace down
> from there to where we are going to use it if at all possible.
>
> The vfsmount also appears necessary if we are ever going to support multiple
> user namespaces per filesystem as the filesystem still need to know which
> user namespace to interpret it's data in.
Would this require passing the vfsmount to the filesystems themselves,
or would they be within the VFS code only? If not wholly within the VFS
I wonder if Al Viro would object to this. He's resisted past attempts to
pass the vfsmount structs into more filesystem code paths and I'm
guessing that could affect whether or not this approach can be
implemented.
Cheers,
-Matt Helsley
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list