linux-fsdevel.vger.kernel.org archive mirror
From: Aleksa Sarai <asarai@suse.de>
To: Matthew Wilcox <willy@infradead.org>
Cc: Seth Forshee <seth.forshee@canonical.com>,
	containers@lists.linux-foundation.org,
	James Bottomley <James.Bottomley@HansenPartnership.com>,
	Tyler Hicks <tyler.hicks@canonical.com>,
	Christian Brauner <christian.brauner@canonical.com>,
	linux-fsdevel@vger.kernel.org
Subject: Re: shiftfs status and future development
Date: Sat, 16 Jun 2018 01:56:56 +1000
Message-ID: <20180615155656.6kscar5qnhfli7tz@gordon>
In-Reply-To: <20180615152529.GA23527@bombadil.infradead.org>

On 2018-06-15, Matthew Wilcox <willy@infradead.org> wrote:
> >  - Supports any id maps possible for a user namespace
> 
> Have we already ruled out storing the container's UID/GID/perms in an
> extended attribute, and having all the files owned by the owner of the
> container from the perspective of the unshifted fs.  Then shiftfs reads
> the xattr and presents the files with the container's idea of what the
> UID is?

I think, while simple, this idea has the problem that you couldn't
really have a single directory be shifted more than once without copying
it (or using an overlayfs which is then shiftfs'd). So for the use case
of giving each container on a system a unique allocation of host uids
and gids (while using the same image storage) you would run into some
issues.

It does remind me of something similar we do as part of the "rootless
containers" project -- we have "user.rootlesscontainers" which contains a
protobuf payload with the "owner" information. Though in rootless
containers we are using this xattr for something quite different: faking
chown(2) and similar operations to make it look as though an
unprivileged user namespace contains more than one user.

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
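
The sharing problem raised in the message above, as an added model that is not part of the original message and not shiftfs or rootless-containers code. It assumes id maps in the `/proc/<pid>/uid_map` layout; the two container allocations, the function names and the simplified reading of both schemes are constructed for illustration.

```python
from typing import List, NamedTuple, Optional


class Extent(NamedTuple):
    inside: int   # first id as seen inside the user namespace
    outside: int  # first id on the host
    count: int    # number of consecutive ids covered


def parse_id_map(text: str) -> List[Extent]:
    """Parse lines in the /proc/<pid>/uid_map layout: inside outside count."""
    return [Extent(*(int(f) for f in line.split()))
            for line in text.strip().splitlines()]


def to_host(id_map: List[Extent], ns_id: int) -> Optional[int]:
    """Translate a namespace id to a host id; None when the id is unmapped."""
    for e in id_map:
        if e.inside <= ns_id < e.inside + e.count:
            return e.outside + (ns_id - e.inside)
    return None


def shifted_owner(id_map: List[Extent], image_uid: int) -> Optional[int]:
    """Shift model (assumed, simplified): the image keeps its own uids on disk
    and every mount translates them through that container's id map."""
    return to_host(id_map, image_uid)


def xattr_owner(id_map: List[Extent], disk_owner: int,
                xattr_uid: int) -> Optional[int]:
    """Xattr model (as read from the quoted proposal): the file is owned on
    disk by the container's owner and the xattr holds the container's uid.
    The stored uid is only usable by the container whose root maps to
    disk_owner; any other container gets None and needs its own copy."""
    return xattr_uid if disk_owner == to_host(id_map, 0) else None


# Constructed sample: two containers with distinct host id allocations
# sharing one image directory.
MAP_A = parse_id_map("0 100000 65536")
MAP_B = parse_id_map("0 200000 65536")
# Constructed multi-extent map: ids 0-999 shifted, id 1000 passed through.
MAP_C = parse_id_map("0 100000 1000\n1000 1000 1")
```

Under the shift model one on-disk uid resolves per container (`shifted_owner(MAP_A, 33)` and `shifted_owner(MAP_B, 33)` differ), while a file stored as owner 100000 with xattr uid 33 is only presentable to the container using `MAP_A`.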