On Fri, Mar 01, 2024 at 04:47:30PM +0800, Muchun Song wrote:
>
>
> > On Mar 1, 2024, at 16:09, Giuseppe Scrivano <gscrivan@xxxxxxxxxx> wrote:
> >
> > Muchun Song <muchun.song@xxxxxxxxx> writes:
> >
> >>> On Feb 29, 2024, at 23:24, Giuseppe Scrivano <gscrivan@xxxxxxxxxx> wrote:
> >>>
> >>> pass down the idmapped mount information to the different helper
> >>> functions.
> >>>
> >>> Differently, hugetlb_file_setup() will continue to not have any
> >>> mapping since it is only used from contexts where idmapped mounts are
> >>> not used.
> >>
> >> Sorry, could you explain more why you want these changes? What's the
> >> intention?
> >
> > we are adding user namespace support to Kubernetes to run each
> > pod (a group of containers) without overlapping IDs. We need idmapped
> > mounts for any mount shared among multiple pods.
> >
> > It was reported both for crun and containerd:
> >
> > - https://github.com/containers/crun/issues/1380
> > - https://github.com/containerd/containerd/issues/9585
>
> It is helpful and really should go into commit log to explain why it
> is necessary (that information will be useful for others). The changes
> are straightforward, but I am not familiar with Idmappings (I am not
> sure if there are more things to be considered).

Fwiw, I've reviewed this before and it should be fine. I'll take another
close look at it but last time I didn't see anything obvious that would
be problematic so I'd be tempted to apply it unless there are specific
objections.