APPLIED: Pull request: nsmount updates
Seth Forshee
seth.forshee at canonical.com
Wed Apr 6 11:52:26 UTC 2016
On Wed, Apr 06, 2016 at 10:47:52AM +0100, Tim Gardner wrote:
> On 04/05/2016 09:16 PM, Seth Forshee wrote:
> > These commits bring xenial up to date wrt my branch for upstream. Most
> > of the changes here are in response to upstream feedback. At a high
> > level the changes are:
> >
> > - A small improvement to the quota code, then disallow enabling quota
> > for mounts from non-init user namespaces. Since quota in non-init
> > namespaces isn't a requirement in 16.04 we're better off disabling it
> > until we know for sure how it will be handled upstream. However ext4
> > might temporarily enable quota during mount if recovering from an
> > unclean unmount, so the kernel needs to be able to handle it.
> >
> > - Revert the way capabilities are determined for inodes in userns
> > mounts back to how it is upstream, i.e. based on both capabilities
> > and inode ownership, but allow a privileged user in s_user_ns to
> > chown if the id being changed is invalid and the other id is either
> > invalid or an id mapped into s_user_ns. This gives the mounter
> > control over inodes with unmappable ids while making it safe to have
> > s_user_ns != &init_user_ns for proc and kernfs-based mounts.
> >
> > - Fix an incompatibility between cgroup namespaces and user namespace
> > mounts. Previously this was fixed as a side effect of another patch,
> > but that patch is being reverted.
> >
> > - Remove a needless mount option initialization in fuse.
> >
> > - Fix a resource leak for an error path in sget_userns().
> >
> > Thanks,
> > Seth
> >
>
> Ick! I hate your timing. I would feel a lot more comfortable if you had
> some regression test results. Isn't this going to affect lxc/lxd ? How
> about general file testing ?
Yeah, I know. I was trying to get them out last week but got held up by
the cgroup stuff. I have my own set of regression tests I run on this
stuff though, which includes a bunch of tests with lxc/lxd, and Serge
has given them a spin too.
More information about the kernel-team
mailing list