On Fri, Jan 20, 2023 at 10:43:46AM +0100, Giuseppe Scrivano wrote:
> This patch enables idmapped mounts for tmpfs when CONFIG_SHMEM is defined.
> Since all dedicated helpers for this functionality exist, in this
> patch we just pass down the idmap argument from the VFS methods to the
> relevant helpers.
>
> Signed-off-by: Giuseppe Scrivano <gscrivan@xxxxxxxxxx>
> Tested-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx>
> ---
Tested this and it works nicely for me. I did test:
* xfstests without and with idmapped mounts.
They pass without introducing any new failures.
* Mounting tmpfs inside of an unprivileged container, then creating an
idmapped mount of tmpfs and sharing that mount with a nested
container.
I tested POSIX ACLs, fscaps, ownership changes, set{g,u}id inheritance.
I'll also let Seth take a look but otherwise this look good.
Thanks for picking that up!
Reviewed-by: Christian Brauner (Microsoft) <brauner@xxxxxxxxxx>
Hugh, if you're fine with this patch then I would ask you whether you
would allow me to take this patch since it's on top of other patches.
They are non-functional changes but not basing this patch on top of them
would cause yet more merge conflicts.
