[Devel] Re: [PATCH 4/6] user namespaces: add user_ns to super block
Eric W. Biederman
ebiederm at xmission.com
Mon Jul 28 16:03:45 PDT 2008
Matt Helsley <matthltc at us.ibm.com> writes:
> Would this require passing the vfsmount to the filesystems themselves,
> or would they be within the VFS code only?
The interesting bit is the user_namespace contained in the vfsmount. We
can pass that down. I think semantically it makes sense for a filesystem
mount to only operate in a single mount namespace.
> If not wholly within the VFS
> I wonder if Al Viro would object to this. He's resisted past attempts to
> pass the vfsmount structs into more filesystem code paths and I'm
> guessing that could affect whether or not this approach can be
> implemented.
Dave Hansen raised that concern when we were talking about it earlier. Since
we just care about a property of the mount it isn't a big deal.
Actually thinking about this a little farther it may be simplest to have the
mnt_namespace capture the user_namespace, although that doesn't seem to map
semantically very well with cloning of the filesystem.
This is very much a question of how do we map the uid/gids store in the filesystem
into the uids/gids in the kernel. Which user namespace do they belong in.
Especially in the case of read only mounts we can safely share a filesystem between
user_namespaces with no changes to the filesystem. Which I suspect is the
first case we want to allow as that is a tremendous savings in space if you have
lots of instances of the same distro, and people have been doing it with /usr
for years.
Eric
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
More information about the Devel
mailing list