On 2018-06-15, James Bottomley <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote:
> > > - Supports any id maps possible for a user namespace
> >
> > Have we already ruled out storing the container's UID/GID/perms in an
> > extended attribute, and having all the files owned by the owner of
> > the container from the perspective of the unshifted fs. Then shiftfs
> > reads the xattr and presents the files with the container's idea of
> > what the UID is?
>
> I've got an experimental patch set that does the *mark* as an xattr.

I forgot to ask you about this when we all met face-to-face -- can you go
over what the purpose of marking the mounts before being able to shift is?
When I saw your demo at LPC I was quite confused about what it was doing
(I think you mentioned it was a security feature, but I must admit I didn't
follow the explanation).

--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>