patchset to enable user namespaces

Stefan Bader stefan.bader at
Thu Sep 26 06:56:23 UTC 2013

On 26.09.2013 01:04, Serge Hallyn wrote:
> Quoting Andy Whitcroft (apw at
>> On Mon, Sep 23, 2013 at 05:08:26PM -0500, Serge Hallyn wrote:
>>> Hi,
>>> The final patches needed to resolve conflicts between XFS and user
>>> namespaces are in 3.12.  I've backported them to saucy at
>>>;a=summary # m.sep23.xfs2
>>> This has 7 patches cherrypicked from Linus' tree, one patch by
>>> myself to add a sysctl, default off, to enable unprivileged use
>>> of CLONE_NEWUSER, and a packaging patch to set CONFIG_USER_NS=y.
>> These are pretty big patches to be bringing so late to the party.  I am
>> particularly concerned that you have missed the beta deadline so we will
>> be shovelling this into the kernel after the majority of the testing has
>> been completed.
>> I assume we need these XFS patches because you cannot enable USER_NS at
>> all without disabling XFS en-toto, an obvious no-no.  What feature does
>> this new code enable which would be lost if we don't have them.
>> On the unpriveleged setup, I presume we are saying upstream will allow
>> it by default, it is just us who are adding this possible cut off if
>> there are issues?
>> As this heavily affects xfs what testing has been done there with your
>> patches to confirm basic xfs operation after they are applied.  It not
> Just creating and running containers on an XFS filesystem.  Installing
> packages, building lxc - working the fs hard but not in imaginative
> ways.  For future reference is there any particular test you use
> nowadays?
> -serge
In theory there is xfstests-dev[1]. Though usage is (or at least was) a pain in
the bum. Also results where kind of varying for xfs in the past (some runs even
crashing hard in the past), so one would need several runs before and after to
get a pattern.
I believe that we use those in the kernel testing but I am not sure whether
right now only for ext4/3/2 (which despite its name is also supported).


[1] git://

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the kernel-team mailing list