shiftfs status and future development
Aleksa Sarai
asarai at suse.de
Fri Jun 15 17:04:36 UTC 2018
On 2018-06-15, James Bottomley <James.Bottomley at HansenPartnership.com> wrote:
> > > - Supports any id maps possible for a user namespace
> >
> > Have we already ruled out storing the container's UID/GID/perms in an
> > extended attribute, and having all the files owned by the owner of
> > the container from the perspective of the unshifted fs. Then shiftfs
> > reads the xattr and presents the files with the container's idea of
> > what the UID is?
>
> I've got an experimental patch set that does the *mark* as an xattr.
I forgot to ask you about this when we all met face-to-face -- can you
go over what the purpose of marking the mounts before being able to
shift is? When I saw your demo at LPC I was quite confused about what
it was doing (I think you mentioned it was a security feature, but I
must admit I didn't follow the explanation).
--
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>