Use cases for multiple uid mapping?
Eric W. Biederman
ebiederm at xmission.com
Fri Aug 28 15:17:16 UTC 2020

We had a discussion in the hackroom at LPC talking about use cases for
a shiftfs style setup where there are different mappings of uids to
disk.

In the discussion we had a couple of ideas of kernel developments
we should look at that address some of these.

- Fix rlimits in user namespaces (This potentially allows multiple
  containers to run with the same userids simplifying the mapping
  problem).

- Look at extending kuid_t to 64 bits and using the high bits to
  implement uids that are private to user namespaces and don't
  map out.

- Look at ways for allowing setgroups unprivileged.

Together this has the potential that the existing uid & gid mappings
will be able to function the same as the proposed fusid mappings. Fingers crossed.

I had some problems with audio and a lot of people were talking
quickly. So I did not manage to capture everyone's use cases. And I
definitely was not able to see how everyone's use cases interacted with
the changes we are looking at.

I know for certain I missed Serge's use case (apologies).

Can people follow up to this and report their use cases?

There are some real challenges and I would like to see if we
can solve them, while avoiding scary problems like changing
uids on write.

Eric

More information about the Containers mailing list