On Tue, Feb 20, 2024 at 07:56:32PM -0500, Stéphane Graber wrote:
> Hey there,
>
> Sorry, I don't have the time to go through all the details in this
> post to provide an adequate response, I'm adding Aleksandr who may be
> able to provide more details on what we've been up to (what James
> alluded to).
>
> Our proposal is effectively bumping the in-kernel kuid_t/kgid_t from
> uint32 to uint64, which allows for individual user namespaces to get a
> full usable uint32 uid/gid range in the kernel. Obviously any kind of
> data persistence needs some mapping (VFS idmap) and there are a bunch
> of other corner cases as to how this is all exposed to userspace.
>
> The idea around this stuff started back at Plumbers / Kernel summit
> all the way back in 2019 with a bit of refinement on the idea on and
> off ever since.
> We now have a functional patchset and example userspace code at:
> - https://github.com/mihalicyn/isolated-userns
> - https://github.com/mihalicyn/linux/commits/isolated_userns
>
> If you don't mind watching a video, we have a reasonably detailed talk
> on the topic as well as demo and useful audience questions and
> feedback from FOSDEM here: https://www.youtube.com/watch?v=mOLzSzpVwHU
>
> After talking about this with folks at a number of LPC / kernel summit
> / FOSDEM by this point, our next step is going to be an RFC patchset,
> I think at this point we just want the cgroupfs issue sorted out
> before sending that out.
>
> I'll try to set some time to go through your full e-mail later this
> week if Alex doesn't get to it first!

Looking forward to it!