NAK: user namespace delta for raring?

Fri Jan 18 06:36:21 UTC 2013

Serge Hallyn <serge.hallyn at canonical.com> writes:

> Quoting Eric W. Biederman (ebiederm at xmission.com):
>> Serge Hallyn <serge.hallyn at canonical.com> writes:
>> 
>> > Quoting Tim Gardner (tim.gardner at canonical.com):
>> >> On 01/16/2013 04:21 PM, Serge Hallyn wrote:
>> >> >Hi,
>> >> >
>> >> >The bulk of Eric's user namespace patches were accepted into 3.8.
>> >> >The remainder are mainly updates to devpts and some kuid fixups for
>> >> >various filesystems.  A raring tree with those patches pushed on
>> >> >top is at
>> >> >
>> >> >http://kernel.ubuntu.com/git?p=serge/quantal-userns.git;a=summary
>> >> >
>> >> >Most of the additional patches come from Eric's tree, though a
>> >> >few are fixups for Ubuntu delta, plus a patch of mine to allow
>> >> >tmpfs mounts in user namespaces.
>> >> >
>> >> >With that kernel, I can run lxc containers in private user
>> >> >namespaces.
>> >> >
>> >> >Would it be possible to carry these patches as an Ubuntu delta
>> >> >in raring?
>> >> >
>> >> >thanks,
>> >> >-serge
>> >> >
>> >> 
>> >> I'm quite reluctant to carry these patches. I think they need a
>> >> bunch of maintainer approvals yet, and definitely some bake time in
>> >> linux-next (if they haven't already). I'd be a lot more willing to
>> >> consider them as cherry-picks or backports from the 3.9 merge. What
>> >> you are proposing appears to have deep and substantive internal
>> >> behavioural changes that will be extremely difficult for anyone on
>> >> my team to debug in the event of error.
>> >
>> > That's too bad, but thanks.
>> >
>> > (The patches with subject 'userns: Convert <...>' are not deep
>> > substantive changes, but the devpts ones are, and without those
>> > we still wouldn't have enough to use user namespace with ubuntu
>> > system containers.)
>> 
>> I will start a final review and pushing these things into linux-next
>> shortly.  Certainly a lot of my filesystem conversion to kuid and kgid
>> patches need to be broken up into smaller patches so it is clear they
>> are simple and obviously correct.
>> 
>> To help me prioritize things are there any of the remaining filesystem
>> that I have patches for that Ubunutu does not build?  Perhaps you don't
>> care about xfs?
>
> I'm afraid all of the ones yet to be merged from your tree are compiled.
> Even coda gets compiled (as a module)!  :)

I figured they probably were but I was hoping I would get lucky
and one of ceph, 9p, afs, cifs, coda, gfs2, ncpfs, ocfs2, nfs or xfs
was considered crazy enough not to support or build.

>> The basic devpts change is about like the tmptfs change a single line.
>> 
>> The tricky part with devpts is figuring where to modify userspace so
>> that /dev/pts is mounted with the newinstance options in a container
>> isn't it?  Since udev doesn't create device nodes not creating making
>> /dev/ptmx a symlink to /dev/pts/ptmx should not be a problem.  Serge are
>> there useful containers you can build that can use the newinstance
>> mount option of /dev/pts?
>
> Sorry I'm missing something...  all of the containers we normally create
> use a newinstance mount option for their own /dev/pts, mounted by the
> child in the new user namespace.  (They also inherit, for /dev/ttyN,
> ptys from the parent devpts mount.  Those get chowned to the mapped ids
> for root:tty to handle the userns)

A big chunk of my devpts patches are to resolve the newinstance
/dev/ptmx mess.  I forget all of the details of why that is a problem.
How to sort out that mess is a problem, substantial and maybe a little
controversial.

The basics of allowing devpts to be mounted with user namespace
permissions should be a trivial few additional lines of code.

>> I don't plan to drop any of my work in my queue but if we router around
>> some of the parts that need lots of reivew that would be great.
>
> I wonder if we can delay some of the quota stuff.

Not if quota support is enabled in Ubuntu's kernels, and it should
because I believe XFS forces it on.  And the kuid and kgid push down
through the quotas needs to happen.  If that doesn't happen you get
non-type safe accesses and holes kuid and uid confusion that is unlikely
safe in the short term and that will definitely lead to bugs in the long
term.

Eric