[PATCH 4/6] user namespaces: add user_ns to super block

Eric W. Biederman ebiederm at xmission.com
Mon Jul 28 14:53:00 PDT 2008


"Serge E. Hallyn" <serue at us.ibm.com> writes:

> From 420d6e81ce29d7a6fe3ab7b43c1171e105f8b697 Mon Sep 17 00:00:00 2001
> From: Serge Hallyn <serue at us.ibm.com>
> Date: Thu, 24 Jul 2008 18:00:54 -0500
> Subject: [PATCH 4/6] user namespaces: add user_ns to super block
>
> Add a user_ns to the super_block, and set it to the user_ns of
> the process which mounted the fs.
>
> In generic_permission() compare the current user_ns to that
> of the user_ns which mounted the inode's filesystem.

I don't think this is the right approach.

When we had the conversation earlier this was conceptually rejected
as it prevents nfs superblock unification.

We really want to store this in the vfsmount and pass the user namespace down
from there to where we are going to use it if at all possible.

The vfsmount also appears necessary if we are ever going to support multiple
user namespaces per filesystem, as the filesystem still needs to know which
user namespace to interpret its data in.

Eric

