[PATCH 00/34] fs: idmapped mounts
Eric W. Biederman
ebiederm at xmission.com
Thu Oct 29 16:44:33 UTC 2020
Tycho Andersen <tycho at tycho.pizza> writes:
> Hi Eric,
>
> On Thu, Oct 29, 2020 at 10:47:49AM -0500, Eric W. Biederman wrote:
>> Christian Brauner <christian.brauner at ubuntu.com> writes:
>>
>> > Hey everyone,
>> >
>> > I vanished for a little while to focus on this work here so sorry for
>> > not being available by mail for a while.
>> >
>> > Since quite a long time we have issues with sharing mounts between
>> > multiple unprivileged containers with different id mappings, sharing a
>> > rootfs between multiple containers with different id mappings, and also
>> > sharing regular directories and filesystems between users with different
>> > uids and gids. The latter use-cases have become even more important with
>> > the availability and adoption of systemd-homed (cf. [1]) to implement
>> > portable home directories.
>>
>> Can you walk us through the motivating use case?
>>
>> As of this year's LPC I had the distinct impression that the primary use
>> case for such a feature was due to the RLIMIT_NPROC problem where two
>> containers with the same users still wanted different uid mappings to
>> the disk because the users were conflicting with each other because of
>> the per user rlimits.
>>
>> Fixing rlimits is straight forward to implement, and easier to manage
>> for implementations and administrators.
>
> Our use case is to have the same directory exposed to several
> different containers which each have disjoint ID mappings.
Why do the you have disjoint ID mappings for the users that are writing
to disk with the same ID?
>> Reading up on systemd-homed it appears to be a way to have encrypted
>> home directories. Those home directories can either be encrypted at the
>> fs or at the block level. Those home directories appear to have the
>> goal of being luggable between systems. If the systems in question
>> don't have common administration of uids and gids after lugging your
>> encrypted home directory to another system chowning the files is
>> required.
>>
>> Is that the use case you are looking at removing the need for
>> systemd-homed to avoid chowning after lugging encrypted home directories
>> from one system to another? Why would it be desirable to avoid the
>> chown?
>
> Not just systemd-homed, but LXD has to do this,
I asked why the same disk users are assigned different kuids and the
only reason I have heard that LXD does this is the RLIMIT_NPROC problem.
Perhaps there is another reason.
In part this is why I am eager to hear peoples use case, and why I was
trying very hard to make certain we get the requirements.
I want the real requirements though and some thought, not just we did
this and it hurts. Changning the uids on write is a very hard problem,
and not just in implementating it but also in maintaining and
understanding what is going on.
Eric
More information about the Linux-security-module-archive
mailing list