This adds the STATMOUNT_MNT_UIDMAP and STATMOUNT_MNT_GIDMAP options.
It allows the retrieval of idmappings via statmount().
Currently it isn't possible to figure out what idmappings are applied to
an idmapped mount. This information is often crucial. Before statmount()
the only realistic options for an interface like this would have been to
add it to /proc/<pid>/fdinfo/<nr> or to expose it in
/proc/<pid>/mountinfo. Both solution would have been pretty ugly and
would've shown information that is of strong interest to some
application but not all. statmount() is perfect for this.
The idmappings applied to an idmapped mount are shown relative to the
caller's user namespace. This is the most useful solution that doesn't
risk leaking information or confuse the caller.
For example, an idmapped mount might have been created with the
following idmappings:
mount --bind -o X-mount.idmap="0:10000:1000 2000:2000:1 3000:3000:1" /srv /opt
Listing the idmappings through statmount() in the same context shows:
mnt_id: 2147485088
mnt_parent_id: 2147484816
fs_type: btrfs
mnt_root: /srv
mnt_point: /opt
mnt_opts: ssd,discard=async,space_cache=v2,subvolid=5,subvol=/
mnt_uidmap[0]: 0 10000 1000
mnt_uidmap[1]: 2000 2000 1
mnt_uidmap[2]: 3000 3000 1
mnt_gidmap[0]: 0 10000 1000
mnt_gidmap[1]: 2000 2000 1
mnt_gidmap[2]: 3000 3000 1
But the idmappings might not always be resolvablein the caller's user
namespace. For example:
unshare --user --map-root
In this case statmount() will indicate the failure to resolve the idmappings
in the caller's user namespace by listing 4294967295 aka (uid_t) -1 as
the target of the mapping while still showing the source and range of
the mapping:
mnt_id: 2147485087
mnt_parent_id: 2147484016
fs_type: btrfs
mnt_root: /srv
mnt_point: /opt
mnt_opts: ssd,discard=async,space_cache=v2,subvolid=5,subvol=/
mnt_uidmap[0]: 0 4294967295 1000
mnt_uidmap[1]: 2000 4294967295 1
mnt_uidmap[2]: 3000 4294967295 1
mnt_gidmap[0]: 0 4294967295 1000
mnt_gidmap[1]: 2000 4294967295 1
mnt_gidmap[2]: 3000 4294967295 1
Note that statmount() requires that the whole range must be resolvable
in the caller's user namespace. If a subrange fails to map it will still
list the map as not resolvable. This is a practical compromise to avoid
having to find which subranges are resovable and wich aren't.
Idmappings are listed as a string array with each mapping separated by
zero bytes. This allows to retrieve the idmappings and immediately use
them for writing to e.g., /proc/<pid>/{g,u}id_map and it also allow for
simple iteration like:
if (stmnt->mask & STATMOUNT_MNT_UIDMAP) {
const char *idmap = stmnt->str + stmnt->mnt_uidmap;
for (size_t idx = 0; idx < stmnt->mnt_uidmap_nr; idx++) {
printf("mnt_uidmap[%lu]: %s\n", idx, idmap);
idmap += strlen(idmap) + 1;
}
}
Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
---
Christian Brauner (4):
uidgid: add map_id_range_up()
statmount: allow to retrieve idmappings
samples/vfs: check whether flag was raised
samples/vfs: add STATMOUNT_MNT_{G,U}IDMAP
fs/internal.h | 1 +
fs/mnt_idmapping.c | 49 ++++++++++++++++++++++++++++++++++++++
fs/namespace.c | 43 ++++++++++++++++++++++++++++++++-
include/linux/uidgid.h | 6 +++++
include/uapi/linux/mount.h | 8 ++++++-
kernel/user_namespace.c | 26 +++++++++++++-------
samples/vfs/samples-vfs.h | 14 ++++++++++-
samples/vfs/test-list-all-mounts.c | 35 ++++++++++++++++++++++-----
8 files changed, 164 insertions(+), 18 deletions(-)
---
base-commit: 6d61a53dd6f55405ebcaea6ee38d1ab5a8856c2c
change-id: 20250129-work-mnt_idmap-statmount-e57f258fef8e
