Re: shiftfs status and future development

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2018-06-15, Matthew Wilcox <willy@xxxxxxxxxxxxx> wrote:
> >  - Supports any id maps possible for a user namespace
> 
> Have we already ruled out storing the container's UID/GID/perms in an
> extended attribute, and having all the files owned by the owner of the
> container from the perspective of the unshifted fs.  Then shiftfs reads
> the xattr and presents the files with the container's idea of what the
> UID is?

I think, while simple, this idea has the problem that you couldn't
really have a single directory be shifted more than once without copying
it (or using an overlayfs which is then shiftfs'd). So for the usecase
of giving each container on a system a unique allocation of host uids
and gids (while using the same image storage) you would run into some
issues.

It does remind me of something similar we do as part of the "rootless
containers" project -- we have "user.rootlesscontainers" which contains a
protobuf payload with the "owner" information. Though in rootless
containers we are using this xattr for something quite different: faking
chown(2) and similar operations to make it look as though an
unprivileged user namespace contains more than one user.

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>

Attachment: signature.asc
Description: PGP signature


[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux