[PATCH 2/4][DISCO] shiftfs: rework and extend

Stéphane Graber stgraber at ubuntu.com
Fri Mar 29 23:00:20 UTC 2019


On Fri, Mar 29, 2019 at 05:56:55PM -0500, Tyler Hicks wrote:
> On 2019-03-27 15:11:26, Christian Brauner wrote:
> > /* Mount Options */
> > - mark
> >   When set, the mark mount option indicates that the mount in question is
> >   allowed to be shifted. Since shiftfs is mountable by user namespace root in a
> >   non-initial user namespace, this mount option ensures that the system
> >   administrator has decided that the marked mount is safe to be shifted.
> >   To mark a mount as shiftable CAP_SYS_ADMIN in the user namespace is required.
> 
> Just to make sure that I'm understanding the changes that this patch
> makes to .fill_super... CAP_SYS_ADMIN is still required in the
> init_user_ns for that first mark mount, correct?
> 
> How does LXD plan to integrate support for shiftfs? Will it be selective
> on the mark mounts that it performs on behalf of unprivileged users?

For any container which is unprivileged and has an unshifted rootfs, LXD
will detect if the kernel has support for shiftfs and if so, will
instruct liblxc (through hooks) to mark the rootfs on the host
namespace, then mount shiftfs in the container namespace and then
unmount the marked mount from the host (to avoid keeping needless mount
table entries).

This logic got merged earlier today and can be found here:
  https://github.com/lxc/lxd/commit/c2d69e3762bedd76deadc46507a86193c96c7a02

> 
> Tyler

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com