APPLIED: Pull request: nsmount updates

Seth Forshee seth.forshee at canonical.com
Wed Apr 6 12:42:11 UTC 2016 

On Wed, Apr 06, 2016 at 01:10:24PM +0100, Tim Gardner wrote:
> On 04/06/2016 12:52 PM, Seth Forshee wrote:
> > On Wed, Apr 06, 2016 at 10:47:52AM +0100, Tim Gardner wrote:
> >> On 04/05/2016 09:16 PM, Seth Forshee wrote:
> >>> These commits bring xenial up to date wrt my branch for upstream. Most
> >>> of the changes here are in response to upstream feedback. At a high
> >>> level the changes are:
> >>>
> >>>  - A small improvement to the quota code, then disallow enabling quota
> >>>    for mounts from non-init user namespaces. Since quota in non-init
> >>>    namespaces isn't a requirement in 16.04 we're better off disabling it
> >>>    until we know for sure how it will be handled upstream. However ext4
> >>>    might temporarily enable quota during mount if recovering from an
> >>>    unclean unmount, so the kernel needs to be able to handle it.
> >>>
> >>>  - Revert the way capabilities are determined for inodes in userns
> >>>    mounts back to how it is upstream, i.e. based on both capabilities
> >>>    and inode ownership, but allow a privileged user in s_user_ns to
> >>>    chown if the id being changed is invalid and the other id is either
> >>>    invalid or an id mapped into s_user_ns. This gives the mounter
> >>>    control over inodes with unmappable ids while making it safe to have
> >>>    s_user_ns != &init_user_ns for proc and kernfs-based mounts.
> >>>
> >>>  - Fix an incompatibility between cgroup namespaces and user namespace
> >>>    mounts. Previously this was fixed as a side effect of another patch,
> >>>    but that patch is being reverted.
> >>>
> >>>  - Remove a needless mount option initialization in fuse.
> >>>
> >>>  - Fix a resource leak for an error path in sget_userns().
> >>>
> >>> Thanks,
> >>> Seth
> >>>
> >>
> >> Ick! I hate your timing. I would feel a lot more comfortable if you had
> >> some regression test results. Isn't this going to affect lxc/lxd ? How
> >> about general file testing ?
> > 
> > Yeah, I know. I was trying to get them out last week but got held up by
> > the cgroup stuff. I have my own set of regression tests I run on this
> > stuff though, which includes a bunch of tests with lxc/lxd, and Serge
> > has given them a spin too.
> > 
> 
> Are those tests something we should get into our normal pile ?

Partly it's xfstests, which I believe we're already running.

The other part are some test scripts I wrote, and running those is
probably a good idea. Some of the tests won't work without some manual
setup right now though, so I'll need to do something about those. I'll
look into getting them integrated.

More information about the kernel-team mailing list