Message-ID: <1581973568.24289.6.camel@HansenPartnership.com>
Subject: Re: [PATCH v2 00/28] user_namespace: introduce fsid mappings
From: James Bottomley
To: Christian Brauner, Stéphane Graber, "Eric W. Biederman", Aleksa Sarai, Jann Horn
Cc: Kees Cook, Jonathan Corbet, linux-kernel@vger.kernel.org, containers@lists.linux-foundation.org, smbarber@chromium.org, Seth Forshee, linux-security-module@vger.kernel.org, Alexander Viro, linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org, Alexey Dobriyan
Date: Mon, 17 Feb 2020 13:06:08 -0800
In-Reply-To: <20200214183554.1133805-1-christian.brauner@ubuntu.com>

On Fri, 2020-02-14 at 19:35 +0100, Christian Brauner wrote:
[...]
> People not as familiar with user namespaces might not be aware that
> fsid mappings already exist. Right now, fsid mappings are always
> identical to id mappings. Specifically, the kernel will lookup fsuids
> in the uid mappings and fsgids in the gid mappings of the relevant
> user namespace.

This isn't actually entirely true: today we have the superblock user
namespace, which can be used for fsid remapping on filesystems that
support it (currently f2fs and fuse).

Since this is a single shift, how is it going to play with s_user_ns?
Do you have to understand the superblock mapping to use this shift, or
are we simply using this to replace s_user_ns?

James
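
The two translations discussed in this message, modelled in user space as an added example (not code from the patch series or from the kernel): a task's fsuid is looked up in its user namespace's uid map, and the filesystem's on-disk owner is translated through the superblock's user namespace (s_user_ns). The struct and function names, the sample maps and the INVALID_ID return for an unmapped ID are assumptions of this sketch; it does not model the proposed fsid mappings.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define INVALID_ID ((uint32_t)-1)   /* assumption: stands in for "no mapping" */

/* One extent, same three fields as a line of /proc/<pid>/uid_map. */
struct extent { uint32_t first, lower_first, count; };
struct idmap  { size_t n; struct extent ext[2]; };

/* Namespace ID -> kernel-global ID (the direction make_kuid() translates). */
static uint32_t map_down(const struct idmap *m, uint32_t id)
{
    for (size_t i = 0; i < m->n; i++)
        if (id >= m->ext[i].first && id - m->ext[i].first < m->ext[i].count)
            return m->ext[i].lower_first + (id - m->ext[i].first);
    return INVALID_ID;
}

/* Kernel-global ID -> namespace ID (the direction from_kuid() translates). */
static uint32_t map_up(const struct idmap *m, uint32_t kid)
{
    for (size_t i = 0; i < m->n; i++)
        if (kid >= m->ext[i].lower_first && kid - m->ext[i].lower_first < m->ext[i].count)
            return m->ext[i].first + (kid - m->ext[i].lower_first);
    return INVALID_ID;
}

/* Owner written to disk when a task with this fsuid creates a file. */
static uint32_t disk_owner_for_create(const struct idmap *task, const struct idmap *sb, uint32_t fsuid)
{
    uint32_t kfsuid = map_down(task, fsuid);   /* fsuid is looked up in the uid map */
    return kfsuid == INVALID_ID ? INVALID_ID : map_up(sb, kfsuid);
}

/* Owner a task sees for a file whose on-disk owner is disk_uid. */
static uint32_t stat_owner(const struct idmap *task, const struct idmap *sb, uint32_t disk_uid)
{
    uint32_t kuid = map_down(sb, disk_uid);    /* on-disk ID goes through s_user_ns */
    return kuid == INVALID_ID ? INVALID_ID : map_up(task, kuid);
}

/* Constructed sample maps: the initial namespace (identity) and a container. */
static const struct idmap init_ns   = { 1, { { 0, 0, 4294967295u } } };
static const struct idmap container = { 1, { { 0, 100000, 65536 } } };

int main(void)
{
    printf("sb in init ns:      %u\n", (unsigned)disk_owner_for_create(&container, &init_ns, 0));
    printf("sb in container ns: %u\n", (unsigned)disk_owner_for_create(&container, &container, 0));
}
```

With the superblock in the initial namespace, container root's files land on disk as 100000; with s_user_ns set to the container's namespace they land as 0, which is the remapping the reply refers to.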