"Serge E. Hallyn" <serue@xxxxxxxxxx> writes: > > By itself that is not sufficient. We need to support two inodes on the > same fs where both have i_uid=500 on the host fs, while in user > namespace X one is owned by uid 0, and another by uid 1000. > > So we need to be able to pass the filesystem an inode and a user > namespace, and ask for the owning uid and gids. > > Or am I (I likely am) misunderstanding? There are two questions. Does this filesystem provide mappings to user namespace X? What is the mapping from this filesystem to user namespace X? I think we may be able to separate those two questions. The important idea is that we don't need to implement filesystem changes in the first pass. Just have the permission check fail unconditionally if we are not in the init_user_ns. Eric _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers