On Mon, Oct 24, 2022 at 09:15:52PM +0200, Michael Weiß wrote:
> For squashfs all needed functionality for idmapped mounts is already
> implemented by the generic handlers in the VFS. Thus, it is sufficient
> to just enable the corresponding FS_ALLOW_IDMAP flag to support
> idmapped mounts.
>
> We use this for unprivileged (user namespaced) containers based on
> squashfs images as rootfs in GyroidOS.
>
> A simple test using the mount-idmapped tool executed as user with
> uid=1000 looks as follows:
>
> $ mkdir test
> $ echo "test" > test/test_file
> $ mksquashfs test/ fs.img
> $ sudo mkdir /mnt/test
> $ sudo mkdir /mnt/mapped
> $ sudo mount fs.img -o loop /mnt/test/
> $ sudo ./mount-idmapped --map-mount b:1000:2000:1 /mnt/test/ /mnt/mapped/
>
> $ mount | tail -n2
> fs.img on /mnt/test type squashfs (ro,relatime,errors=continue)
> fs.img on /mnt/mapped type squashfs (ro,relatime,idmapped,errors=continue)
>
> $ ls -lan /mnt/test/
> total 5
> drwxr-xr-x 2 1000 1000 32 Okt 24 13:36 .
> drwxr-xr-x 6 0 0 4096 Okt 24 13:38 ..
> -rw-r--r-- 1 1000 1000 5 Okt 24 13:36 test_file
>
> $ ls -lan /mnt/mapped/
> total 5
> drwxr-xr-x 2 2000 2000 32 Okt 24 13:36 .
> drwxr-xr-x 6 0 0 4096 Okt 24 13:38 ..
> -rw-r--r-- 1 2000 2000 5 Okt 24 13:36 test_file
>
> Signed-off-by: Michael Weiß <michael.weiss@xxxxxxxxxxxxxxxxxxx>
> ---

This should indeed be all that is needed.
Looks good to me,
Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>
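
Added example (not part of the thread, the patch, or the mount-idmapped tool): a small user-space model of how a `--map-mount` specification such as `b:1000:2000:1` translates on-disk owner IDs into the IDs reported through the idmapped mount, including on-disk IDs outside the mapped range, which are reported as the overflow ID. The names `parse_idmap` and `map_id` are hypothetical, the overflow value 65534 is assumed to be the system default, and the sample IDs are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: default value of /proc/sys/kernel/overflowuid and overflowgid. */
#define OVERFLOW_ID 65534u

struct idmap { char type; uint32_t from, to, range; };

/* Parse "<type>:<from>:<to>:<range>" (type u, g or b). Returns 0 if valid. */
int parse_idmap(const char *spec, struct idmap *m)
{
    char tail;

    if (strchr(spec, '-'))          /* sscanf would silently wrap negatives */
        return -1;
    if (sscanf(spec, "%c:%" SCNu32 ":%" SCNu32 ":%" SCNu32 "%c",
               &m->type, &m->from, &m->to, &m->range, &tail) != 4)
        return -1;                  /* missing field or trailing garbage */
    if (m->type != 'u' && m->type != 'g' && m->type != 'b')
        return -1;
    if (m->range == 0 || m->range - 1 > UINT32_MAX - m->from ||
        m->range - 1 > UINT32_MAX - m->to)
        return -1;                  /* empty range or range past 2^32 - 1 */
    return 0;
}

/* Owner id reported through the mount for an on-disk id; which is 'u' or 'g'. */
uint32_t map_id(const struct idmap *m, char which, uint32_t disk_id)
{
    if ((m->type == 'b' || m->type == which) &&
        disk_id >= m->from && disk_id - m->from < m->range)
        return m->to + (disk_id - m->from);
    return OVERFLOW_ID;             /* unmapped ids show up as nobody/nogroup */
}

int main(void)
{
    const uint32_t disk_ids[] = { 0, 1000, 1001 };   /* constructed samples */
    struct idmap m;

    if (parse_idmap("b:1000:2000:1", &m) != 0)
        return 1;
    for (size_t i = 0; i < sizeof(disk_ids) / sizeof(disk_ids[0]); i++)
        printf("on-disk %" PRIu32 " -> uid %" PRIu32 " gid %" PRIu32 "\n",
               disk_ids[i], map_id(&m, 'u', disk_ids[i]),
               map_id(&m, 'g', disk_ids[i]));
    return 0;
}
```

With a range of 1, only on-disk ID 1000 is translated; a rootfs image that also contains root-owned files needs a mapping that covers ID 0 as well, otherwise those files appear as owned by the overflow ID inside the container.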