Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp3907770ybv; Sun, 16 Feb 2020 08:41:34 -0800 (PST) X-Google-Smtp-Source: APXvYqxOaZ7BdSWW75vla7XMSfR7ZrdK86uL+c+etFw3MY0sSQaTg7hDGQocbdtZTz+L1ecwj+gS X-Received: by 2002:a05:6830:1555:: with SMTP id l21mr8868362otp.41.1581871294287; Sun, 16 Feb 2020 08:41:34 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1581871294; cv=none; d=google.com; s=arc-20160816; b=SOz01zq/GMyQSaDx4KGS8uldPKYRbesjnt6zSnZ3vpLotyNr4mexSqhFiBfNIkgUp5 M3GtpmtdsTgOsjkyCUF2dpBqsyB3oKjTKm42GeWdfxch5lqWDdyYfutbgMoMEV34Vb9H 9uKcouyoWIi2JMXb2CH6+J0s2/jHdCqLAR8/ipQUbIvoi718JZiAcwKjjXmgOTsNendX yQ/UgMGoNjYfm7PrWckWPur8vvSQJZS9FdXZhbrWwVC1y0Wg/25/MHdOk+vTjNR4nvUN 2OKiBTJc/1VJhPFzE2swV/GAjkNOqQ/mDgZCGUr8NBqZTsWM0AK5IK4Q4OiRvWyhoKkc Kt4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date; bh=Kqm5NiWuzHimoRP9VZftKNLIFls45W+suNUV+01hmWs=; b=vyym7LplQgYpiCCKzq02HmtUMYrei1s4jKMfS/BirdO19QYLi0Rs+/JM6oXog1rOOz yxf5jeLBqUkqD5HBE/enSYS7CJtsuwETBMDD3qvZE06hdjqp1Pnflj8KfpOpwgBGQu9A N0MRlKADWdXmpa8l3mmNuqQRq2fO4F4GwiRmI5p8tm3h9P8o9q70skEdaG5bPpQz5/bf LRd6h/1XejGk0uZgwQbOiFRt3xRpQv3ffOFIzTS4Hzx3xv1uCMLnJmu7fOXMIu7WMQTE EE6bqZIHwkfqsEW6/R0UyRkDPNDMlCaTfRgN6HqaCHj7CB3aWqusHDQYn0ACTwrIvTID DZZg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e26si5402137oii.88.2020.02.16.08.41.21; Sun, 16 Feb 2020 08:41:34 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728469AbgBPQlS (ORCPT + 99 others); Sun, 16 Feb 2020 11:41:18 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:48353 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728239AbgBPQlS (ORCPT ); Sun, 16 Feb 2020 11:41:18 -0500 Received: from ip5f5bf7ec.dynamic.kabel-deutschland.de ([95.91.247.236] helo=wittgenstein) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1j3MyN-0000uq-KZ; Sun, 16 Feb 2020 16:40:47 +0000 Date: Sun, 16 Feb 2020 17:40:46 +0100 From: Christian Brauner To: Florian Weimer Cc: =?utf-8?B?U3TDqXBoYW5l?= Graber , "Eric W. Biederman" , Aleksa Sarai , Jann Horn , smbarber@chromium.org, Seth Forshee , Alexander Viro , Alexey Dobriyan , Serge Hallyn , James Morris , Kees Cook , Jonathan Corbet , Phil Estes , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org Subject: Re: [PATCH v2 00/28] user_namespace: introduce fsid mappings Message-ID: <20200216164046.3g2nqvyrd6nis5tm@wittgenstein> References: <20200214183554.1133805-1-christian.brauner@ubuntu.com> <87pneesf0a.fsf@mid.deneb.enyo.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <87pneesf0a.fsf@mid.deneb.enyo.de> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Feb 16, 2020 at 04:55:49PM +0100, Florian Weimer wrote: > * Christian Brauner: > > > With fsid mappings we can solve this by writing an id mapping of 0 > > 100000 100000 and an fsid mapping of 0 300000 100000. On filesystem > > access the kernel will now lookup the mapping for 300000 in the fsid > > mapping tables of the user namespace. And since such a mapping exists, > > the corresponding files will have correct ownership. > > I'm worried that this is a bit of a management nightmare because the > data about the mapping does not live within the file system (it's > externally determined, static, but crucial to the interpretation of > file system content). I expect that many organizations have Iiuc, that's already the case with user namespaces right now e.g. when you have an on-disk mapping that doesn't match your user namespace mapping. > centralized allocation of user IDs, but centralized allocation of the > static mapping does not appear feasible. I thought we're working on this right now with the new nss infrastructure to register id mappings aka the shadow discussion we've been having. > > Have you considered a more complex design, where untranslated nested > user IDs are store in a file attribute (or something like that)? This That doesn't sound like it would be feasible especially in the nesting case wrt. to performance. Christian