[PATCH 0/4][DISCO] fs: add shiftfs
Christian Brauner
christian at brauner.io
Thu Apr 4 13:29:09 UTC 2019
On Wed, Apr 03, 2019 at 10:41:59PM -0500, Tyler Hicks wrote:
> On 2019-03-27 15:11:24, Christian Brauner wrote:
> > From: Ubuntu <ubuntu at vm04.maas.mtl.stgraber.net>
> >
> > Hey everyone,
> >
> > This is the patchset for shiftfs which Seth and I have been working on
> > for a while. It is needed to transparently translate the on-disk ids of
> > an underlying filesystem into valid ids in a given user namespace.
> > This work has been mentioned quite a bit lately since we need it for LXD
> > and Anbox and has been targeted for inclusion in Disco.
> > The main advantage of shiftfs is that it provides significant
> > performance benefits as it lets us avoid recursively chowning the root
> > filesystem for unprivileged containers when they are created or when
> > their idmap is changed. This becomes very important with workloads where
> > we are running a huge number of containers which Anbox and LXD both are
> > currently doing. Other container runtimes will benefit from shiftfs in
> > Ubuntu as well.
> > Also, a big thank you to Seth who even with his regular busy schedule
> > still always was ready to help out by discussing ideas, reviewing, and
> > writing patches.
>
> I don't see any show stoppers here. There are a couple things that need
> to be fixed up in the 2nd patch but they're all simple fixes. The btrfs
> ioctl patch is a hack but that's not going to be improved in the very
> near term and you've justified the hack in the commit description.
>
> I'm glad to see that lxd is being selective about setting up mark mounts
> (only the container rootfs subtree will be marked and that's not
> reachable by unprivileged users).
>
> I'm also glad to know that we have yourself and Seth around to fix any
> discovered issues. I think you two have been over every line many times
> so you'll be able to fix up anything quickly.
>
> With the necessary changes in the 2nd patch,
>
> Acked-by: Tyler Hicks <tyhicks at canonical.com>
Thank you for the review, Tyler. Highly appreciated!
Christian