[Devel] [PATCH rh7 00/11] fs: translate uids/gids against current user namespace's mapping

Konstantin Khorenko khorenko at virtuozzo.com
Thu Jun 22 17:47:47 MSK 2017 

We want to configure non-default user namespace mappings for Containers,
but still want to store uids/gids of files relative to Container user ns mapping.

The solution is to store link to user_ns in super block on fs mount
and use that user_ns mapping for later inodes' uid/gid mapping.

Notes:
1) acl should also behave in the same way, not tested yet
2) mainstream has disabled quota for non-init user_ns:
   5c00482 ("dquot: For now explicitly don't support filesystems outside of
   init_user_ns")
   We need quota working inside a Container, so i did not apply the patch,
   but quota code has be to reviewed additionally.

Eric W. Biederman (5):
  ms/fs: Add user namespace member to struct super_block
  ms/vfs: Verify acls are valid within superblock's s_user_ns.
  ms/vfs: Don't modify inodes with a uid or gid unknown to the vfs
  ms/vfs: Don't create inodes with a uid or gid unknown to the vfs
  ms/quota: Ensure qids map to the filesystem

Konstantin Khorenko (1):
  proc: use proper user_ns for mount

Seth Forshee (5):
  ms/fs: Refuse uid/gid changes which don't map into s_user_ns
  ms/fs: Check for invalid i_uid in may_follow_link()
  ms/cred: Reject inodes with invalid ids in set_create_file_as()
  ms/fs: Update i_[ug]id_(read|write) to translate relative to s_user_ns
  ms/vfs: open() with O_CREAT should not create inodes with unknown ids

 fs/9p/acl.c               |  2 +-
 fs/attr.c                 | 19 ++++++++++++++
 fs/btrfs/acl.c            |  3 ++-
 fs/ceph/acl.c             |  3 ++-
 fs/ext4/acl.c             |  2 +-
 fs/generic_acl.c          |  2 +-
 fs/gfs2/acl.c             |  2 +-
 fs/inode.c                |  7 +++++
 fs/namei.c                | 46 ++++++++++++++++++++++++++------
 fs/nfsd/acl.h             |  3 ++-
 fs/nfsd/nfs4acl.c         |  6 ++---
 fs/nfsd/vfs.c             |  2 +-
 fs/posix_acl.c            |  6 ++---
 fs/proc/root.c            |  3 ++-
 fs/quota/dquot.c          |  3 +++
 fs/quota/quota.c          | 12 ++++-----
 fs/super.c                | 52 +++++++++++++++++++++++++++++++-----
 fs/xattr.c                |  7 +++++
 fs/xfs/xfs_acl.c          |  2 +-
 include/linux/fs.h        | 67 +++++++++++++++++++++++++++++------------------
 include/linux/posix_acl.h |  2 +-
 include/linux/quota.h     | 10 +++++++
 kernel/cred.c             |  2 ++
 23 files changed, 201 insertions(+), 62 deletions(-)

-- 
1.8.3.1

More information about the Devel mailing list