On Wed, Apr 05, 2023 at 03:11:22PM +0200, Christian Brauner wrote: > On Wed, Apr 05, 2023 at 12:44:27PM +0200, Carlos Maiolino wrote: > > Hi Christian. > > > > On Wed, Apr 05, 2023 at 10:52:44AM +0200, Christian Brauner wrote: > > > On Mon, Apr 03, 2023 at 10:47:53AM +0200, cem@xxxxxxxxxx wrote: > > > > From: Carlos Maiolino <cmaiolino@xxxxxxxxxx> > > > > > > > > Hi folks. this work has been done originally by Lukas, but he left the company, > > > > so I'm taking over his work from where he left it of. This series is virtually > > > > done, and he had updated it with comments from the last version, but, I'm > > > > > > I've commented on the last version: > > > > > > https://lore.kernel.org/linux-fsdevel/20221129112133.rrpoywlwdw45k3qa@wittgenstein > > > > > > trying to point out that tmpfs can be mounted in user namespaces. Which > > > means that the quota uids and gids need to take the idmapping of the > > > user namespace in which the tmpfs instances is mounted in into account; > > > not the one on the host. > > > > > > See the link above for some details. Before we can merge this it would > > > be very good if we could get tests that verify tmpfs being mounted > > > inside a userns with quotas enabled because I don't think this is > > > covered yet by xfstests. Or you punt on it for now and restricted quotas > > > to tmpfs instances mounted on the host. > > > > > > > Thanks for the link, I've read it before, and this is by now a limitation I'd > > like to keep in this series. I can extend it to be namespace aware later on, but > > the current goal of this series is to be able tmpfs mounts on the host to limit > > the amount of memory consumed by users. Being namespace aware is something I > > This is fine with me. But please point the restriction out in the > documentation and in the commit message. This is especially important > because the check is hidden in the bowls of dquot_load_quota_sb(). Sounds reasonable, I'll work on the comments I received and re-send this series next week if nothing urgent comes up. > > Ideally we'd probably check for fc->user_ns == &init_user_ns directly > when parsing the quota mount options instead of waiting until > fill_super. -- Carlos Maiolino
