Steve French <smfrench@xxxxxxxxx> writes:

> Do you have a pointer to the background on kuid/kgid

You might try this lwn article https://lwn.net/Articles/491310/

In a nutshell each user namespace has its own view of uid_t and gid_t values. Those values are mapped into kernel internal kuid_t and kgid_t values. Then user space interfaces convert from kuid_t and kgid_t when read from userspace.

The initial user namespace has a 1-1 identity mapping between kuid_t and uid_t values.

kuid_t and kgid_t are not assignment compatible with uid_t and gid_t so that if the conversions are left out a compile error results.

My strategy is to push kuid_t and kgid_t values as deeply into the kernel data structures as possible so that there is a high probability that when we get it wrong a compile error will happen.

Eric
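Added example, not part of the original message and not kernel source: a userspace C model of the pattern described above, where the id is wrapped in a struct so a missing conversion fails to compile. The names make_kuid, from_kuid, uid_valid and INVALID_UID mirror the kernel helpers; the single-extent map, struct layouts and sample namespaces are simplified assumptions.

```c
/* Userspace model of the kuid_t pattern; simplified, not kernel source. */
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Wrapping the id in a struct makes it assignment-incompatible with uid_t. */
typedef struct { uid_t val; } kuid_t;
#define INVALID_UID ((kuid_t){ (uid_t)-1 })

/* One mapping extent: ids [first, first+count) in the namespace map to
   [lower_first, lower_first+count) in the kernel. Real maps hold several. */
struct extent { uint32_t first, lower_first, count; };
struct user_ns { struct extent map; };

/* Constructed sample namespaces (assumed values). */
static const struct user_ns init_ns = { { 0, 0, UINT32_MAX } };  /* 1-1 identity */
static const struct user_ns container_ns = { { 0, 100000, 65536 } };

static int uid_valid(kuid_t k) { return k.val != (uid_t)-1; }

/* uid_t as seen inside ns -> kernel-internal kuid_t */
static kuid_t make_kuid(const struct user_ns *ns, uid_t uid)
{
    const struct extent *e = &ns->map;
    if (uid < e->first || uid - e->first >= e->count)
        return INVALID_UID;
    return (kuid_t){ e->lower_first + (uid - e->first) };
}

/* kernel-internal kuid_t -> uid_t as seen inside ns; (uid_t)-1 if unmapped */
static uid_t from_kuid(const struct user_ns *ns, kuid_t k)
{
    const struct extent *e = &ns->map;
    if (!uid_valid(k) || k.val < e->lower_first || k.val - e->lower_first >= e->count)
        return (uid_t)-1;
    return e->first + (k.val - e->lower_first);
}

int main(void)
{
    kuid_t owner = make_kuid(&container_ns, 0);  /* root inside the container */
    /* uid_t raw = owner;   would not compile: kuid_t is a struct, not an integer */
    printf("container uid 0 seen from init ns: %u\n", (unsigned)from_kuid(&init_ns, owner));
    printf("init uid 0 seen from container: %d\n", (int)from_kuid(&container_ns, make_kuid(&init_ns, 0)));
    return 0;
}
```

Uncommenting the `uid_t raw = owner;` line shows the compile error the message relies on to catch a skipped conversion.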