Re: Use cases for multiple uid mapping?

"Serge E. Hallyn" <serge@xxxxxxxxxx> writes:

> On Fri, Aug 28, 2020 at 10:17:16AM -0500, Eric W. Biederman wrote:
>> 
>> We had a discussion in the hackroom at LPC talking about use cases for
>> a shiftfs style setup where there are different mappings of uids to
>> disk.
>> 
>> In the discussion we had a couple of ideas of kernel developments
>> we should look at that address some of these.
>> 
>> - Fix rlimits in user namespaces (This potentially allows multiple
>>   containers to run with the same userids simplifying the mapping
>>   problem).
>> 
>> - Look at extending kuid_t to 64bits and using the highbits to
>>   implement uids that are private to user namespaces and don't
>>   map out.
>>   
>> - Look at ways for allowing setgroups unprivileged.
>> 
>> 
>> Together this has the potential that the existing uid & gid mappings
>> will be able to function the same as the proposed fusid mappings. Fingers crossed.
>> 
>> 
>> I had some problems with audio and a lot of people were talking
>> quickly.  So I did not manage to capture everyone's use cases.   And I
>> definitely was not able to see how everyone's use cases interacted with
>> the changes we are looking at.
>> 
>> I know for certain I missed Serge's use case (apologies).
>> 
>> Can people follow up to this and report their use cases?
>
> Sorry - I'll do so later this week.

Thank you.

I know we have the OCI use case of overlayfs and sharing storage
between containers.

I know we have the lxc case of not wanting to be strangled by ulimits.
So not using the same uid between containers even when it is logically
the same user.

I know the brainstorming was going a lot of different directions and I
piped up and said that we should probably focus on handling the stranger
cases with fuse mounts, and the other capabilities we have now.

It really will be valuable to understand the other cases so we don't
code ourselves into a corner that only works for the most vocal of the
developers.

Eric
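The two cases listed above (OCI shared storage between containers, and lxc keeping containers on separate uids so per-uid rlimits don't collide) as an added example, not part of the thread: a Python model of the kernel's uid_map translation (the "inside outside count" format documented in user_namespaces(7)), run over constructed maps. It shows that the same logical uid lands on distinct kuids under disjoint ranges, that it lands on one shared kuid (hence shared rlimit accounting) under identical ranges, and that a file owned by one container's kuid is unmapped, and so shows as the overflow uid, from the other.

```python
# Added example, not code from the thread. Models /proc/<pid>/uid_map
# translation between namespace-local uids and kernel uids (kuids).
OVERFLOWUID = 65534  # default /proc/sys/kernel/overflowuid ("nobody")


def parse_uid_map(text):
    """Parse uid_map content: one "inside outside count" triple per line."""
    ranges = []
    for line in text.strip().splitlines():
        inside, outside, count = (int(x) for x in line.split())
        if count <= 0:
            raise ValueError("count must be positive")
        ranges.append((inside, outside, count))
    return ranges


def to_kuid(ranges, uid):
    """Namespace-local uid -> kuid, or None when the uid is not mapped."""
    for inside, outside, count in ranges:
        if inside <= uid < inside + count:
            return outside + (uid - inside)
    return None


def from_kuid(ranges, kuid):
    """kuid -> namespace-local uid, or None when it does not map in."""
    for inside, outside, count in ranges:
        if outside <= kuid < outside + count:
            return inside + (kuid - outside)
    return None


def owner_seen_from(ranges, kuid):
    """What stat() shows for a file owned by `kuid` inside this namespace."""
    local = from_kuid(ranges, kuid)
    return OVERFLOWUID if local is None else local


def rlimit_collides(map_a, map_b, uid_a, uid_b):
    """Per-uid limits such as RLIMIT_NPROC are accounted on the kuid, so two
    containers share one counter whenever their uids resolve to one kuid."""
    ka, kb = to_kuid(map_a, uid_a), to_kuid(map_b, uid_b)
    return ka is not None and ka == kb


# Constructed maps (assumed layouts, not anyone's real configuration).
LXC_A = parse_uid_map("0 100000 65536")   # lxc style: disjoint host ranges
LXC_B = parse_uid_map("0 200000 65536")
SHARED = parse_uid_map("0 100000 65536")  # second container reusing A's range
```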
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
