APPLIED: Pull request: nsmount updates
Tim Gardner
tim.gardner at canonical.com
Wed Apr 6 09:47:52 UTC 2016
On 04/05/2016 09:16 PM, Seth Forshee wrote:
> These commits bring xenial up to date wrt my branch for upstream. Most
> of the changes here are in response to upstream feedback. At a high
> level the changes are:
>
> - A small improvement to the quota code, then disallow enabling quota
> for mounts from non-init user namespaces. Since quota in non-init
> namespaces isn't a requirement in 16.04 we're better off disabling it
> until we know for sure how it will be handled upstream. However ext4
> might temporarily enable quota during mount if recovering from an
> unclean unmount, so the kernel needs to be able to handle it.
>
> - Revert the way capabilities are determined for inodes in userns
> mounts back to how it is upstream, i.e. based on both capabilities
> and inode ownership, but allow a privileged user in s_user_ns to
> chown if the id being changed is invalid and the other id is either
> invalid or an id mapped into s_user_ns. This gives the mounter
> control over inodes with unmappable ids while making it safe to have
> s_user_ns != &init_user_ns for proc and kernfs-based mounts.
>
> - Fix an incompatibility between cgroup namespaces and user namespace
> mounts. Previously this was fixed as a side effect of another patch,
> but that patch is being reverted.
>
> - Remove a needless mount option initialization in fuse.
>
> - Fix a resource leak for an error path in sget_userns().
>
> Thanks,
> Seth
>
Ick! I hate your timing. I would feel a lot more comfortable if you had
some regression test results. Isn't this going to affect lxc/lxd ? How
about general file testing ?
I dropped the original commits and reverts since they were clearly just
noise in the commit log.
rtg
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list