On Fri, Oct 21, 2022 at 09:49:48PM -0500, Steve French wrote:
> I noticed test generic/645 is skipped on cifs.ko due to
> "src/vfs/vfstest --idmapped-mounts-supported ..."
> returning an error for
> generic/645
> casuing
> [not run] vfstest not support by cifs
>
> Any ideas on what it takes for a filesystem to support idmapped mounts
> (in this case cifs.ko)?
There shouldn't be much magic to it and I plan to implement support for
a networking filesystem in the not too distant future. Before that
happens though I want to do some vfs conversions to improve security
even more.
Basically all that is needed is that all inode operations that require
knowledge about __local__ ownership wrt to {g,u}ids take the mount's
idmapping into account. So in the worst case we might need to extend
some additional inode operations to pass down the mount's idmapping. The
rest is then filesystems specific work. As I said, I try to convert a
networking filesystems next year. It will be too short to do it by the
end of this year.
Christian
