Date: Fri, 15 Jan 2021 12:51:20 -0500
From: "Theodore Ts'o"
To: Christoph Hellwig
Cc: Dave Chinner, "Darrick J. Wong", Christian Brauner, Alexander Viro, linux-fsdevel@vger.kernel.org, John Johansen, James Morris, Mimi Zohar, Dmitry Kasatkin, Stephen Smalley, Casey Schaufler, Arnd Bergmann, Andreas Dilger, OGAWA Hirofumi, Geoffrey Thomas, Mrunal Patel, Josh Triplett, Andy Lutomirski, Alban Crequy, Tycho Andersen, David Howells, James Bottomley, Seth Forshee, Stéphane Graber, Linus Torvalds, Aleksa Sarai, Lennart Poettering, "Eric W. Biederman", smbarber@chromium.org, Phil Estes, Serge Hallyn, Kees Cook, Todd Kjos, Paul Moore, Jonathan Corbet, containers@lists.linux-foundation.org, linux-security-module@vger.kernel.org, linux-api@vger.kernel.org, linux-ext4@vger.kernel.org, linux-xfs@vger.kernel.org, linux-integrity@vger.kernel.org, selinux@vger.kernel.org
Subject: Re: [PATCH v5 00/42] idmapped mounts
References: <20210112220124.837960-1-christian.brauner@ubuntu.com> <20210114171241.GA1164240@magnolia> <20210114204334.GK331610@dread.disaster.area> <20210115162423.GB2179337@infradead.org>
In-Reply-To: <20210115162423.GB2179337@infradead.org>
X-Mailing-List: linux-ext4@vger.kernel.org

On Fri, Jan 15, 2021 at 04:24:23PM +0000, Christoph Hellwig wrote:
>
> That is what the capabilities are designed for and we already check
> for them.

So perhaps I'm confused, but my understanding is that in the containers world, capabilities are a lot more complicated. There is:

1) The initial namespace capability set
2) The container's user-namespace capability set
3) The namespace in which the file system is mounted --- which is "usually, but not necessarily the initial namespace" and presumably could potentially not necessarily be the current container's user namespace, as namespaces can be hierarchically arranged.

Is that correct? If so, how does this patch set change things (if any), and how does this interact with quota administration operations?

On a related note, ext4 specifies a "reserved user" or "reserved group" which can access the reserved blocks.
If we have a file system which is mounted in a namespace running a container which is running RHEL or SLES, and in that container, we have a file system mounted (so it was not mounted in the initial namespace), with id-mapping --- and then there is a further sub-container created with its own user sub-namespace further mapping uids/gids --- will the right thing happen? For that matter, how *is* the "right thing" defined?

Sorry if this is a potentially stupid question, but I find user namespaces and id and capability mapping to be hopelessly confusing for my tiny brain. :-)

- Ted
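As an added illustration of the nested uid mapping the question above turns on (example code written for this page, not from the idmapped-mounts patch set or from anyone in this thread), the model below composes uid_map entries through a container and a sub-container and shows what an unmapped id collapses to. The namespace layout (host uid 100000 for the container's root, container uid 1000 for the sub-container's root) is constructed for the example.

```python
# Added example: a model of how uids compose through nested user namespaces.
# Each namespace's uid_map holds (id_inside, id_outside, count) triples, "outside"
# being the parent's id space; the kernel flattens this to kuids, same result.
from dataclasses import dataclass, field
from typing import Optional

OVERFLOW_UID = 65534  # "nobody": what from_kuid_munged() reports for an unmapped id

@dataclass
class UserNs:
    parent: Optional["UserNs"]                    # None for the initial namespace
    uid_map: list = field(default_factory=list)  # [(inside, outside, count), ...]
    def map_up(self, uid: int) -> Optional[int]:
        """This namespace's uid -> the parent's id space (None if unmapped)."""
        for inside, outside, count in self.uid_map:
            if inside <= uid < inside + count:
                return outside + (uid - inside)
        return None
    def map_down(self, parent_uid: int) -> Optional[int]:
        """A parent-namespace uid -> this namespace's id space (None if unmapped)."""
        for inside, outside, count in self.uid_map:
            if outside <= parent_uid < outside + count:
                return inside + (parent_uid - outside)
        return None

def make_kuid(ns: UserNs, uid: int) -> Optional[int]:
    """Resolve a uid as seen in ns to the initial-namespace (kernel) uid."""
    while ns.parent is not None:
        uid = ns.map_up(uid)
        if uid is None:
            return None  # invalid kuid: no mapping at this level
        ns = ns.parent
    return uid

def from_kuid(ns: UserNs, kuid: int) -> int:
    """Present a kernel uid inside ns; ids unmapped at any level become OVERFLOW_UID."""
    chain = []
    while ns.parent is not None:
        chain.append(ns)
        ns = ns.parent
    for level in reversed(chain):  # descend from just below the initial namespace
        kuid = level.map_down(kuid)
        if kuid is None:
            return OVERFLOW_UID
    return kuid

# Constructed layout: container root is host uid 100000; sub-container root is container uid 1000.
INIT = UserNs(None)
CONTAINER = UserNs(INIT, [(0, 100000, 65536)])
SUB = UserNs(CONTAINER, [(0, 1000, 1000)])
```

Root inside the sub-container is host uid 101000, while a file owned by host uid 0 shows up as 65534 (nobody) in both containers, which is why ext4's reserved uid/gid and quota ids need to be interpreted in a well-defined namespace.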