On 3/10/2016 4:18 PM, Serge Hallyn wrote:
Quoting Thomas Tanaka (thomas.tan...@oracle.com):
Hi,

This question might not be specific to lxc/lxd but containers in
general, I hope that is okay.
I have a process created using clone with the following flags
(CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUSER).
The process then tries to mount the mqueue filesystem (mount -t mqueue
mqueue /dev/mqueue).
However, the mounted mqueue fs has inode->i_uid = 0, instead of our
ns uid, e.g. 10000. Is this expected?
For others, e.g. tmpfs, the inode->i_uid is properly set to our ns uid.

Doesn't happen for me.  As the simplest example, if I

lxc-usernsexec
# lxc-unshare -s 'IPC|MOUNT' bash
## mount -t mqueue mqueue /mnt
## touch /mnt; ls -ld /mnt; ls -l /mnt

I see everything owned by my namespaced root user, 'root' in my shell.

Right, maybe my understanding is not correct.
So maybe the question should be phrased this way: why does a newly clone()d process with CLONE_NEWIPC|CLONE_NEWNS|CLONE_NEWUSER not seem to perform switch_task_namespaces()? The observation here is: yes, inside of the userns it is owned by root, but outside of it, i.e. in the 'global' ns, shouldn't it be owned by the 'mapped id', e.g. 10000, instead of 0? Instead, for the mqueue fs, we need to do an unshare(CLONE_NEWIPC) prior to mounting mqueue, so that the 'global' ns inode->i_uid will be correctly set to the 'mapped id'.

Thank you for taking time to answer, really appreciate it!

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

--
Regards,

Thomas
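
The thread turns on which side of the user-namespace id mapping an inode owner is read from. The following is an added example, not code from the thread or from lxc: it parses text in `/proc/<pid>/uid_map` format, as read from the parent namespace, and translates a uid in both directions. The mapping `0 10000 65536` is a constructed sample built around the 10000 mentioned above, and the function names are hypothetical.

```c
#include <stdio.h>

#define UNMAPPED (-1L) /* the kernel reports such ids as the overflow uid (65534 by default) */

/* One uid_map line: "<first uid inside> <first uid outside> <count>". */
struct extent { long inside, outside, count; };

/* Parse text in /proc/<pid>/uid_map format; returns the number of extents read. */
static int parse_uid_map(const char *text, struct extent *e, int max)
{
    int n = 0, used = 0;
    while (n < max && sscanf(text, "%ld %ld %ld%n",
                             &e[n].inside, &e[n].outside, &e[n].count, &used) == 3) {
        text += used;   /* advance past the extent just read */
        n++;
    }
    return n;
}

/* Translate a uid; to_outer=1: namespace view -> parent view, 0: the reverse. */
static long translate(const char *map, long uid, int to_outer)
{
    struct extent e[8];
    int n = parse_uid_map(map, e, 8);
    for (int i = 0; i < n; i++) {
        long from = to_outer ? e[i].inside : e[i].outside;
        long to   = to_outer ? e[i].outside : e[i].inside;
        if (uid >= from && uid - from < e[i].count)
            return to + (uid - from);
    }
    return UNMAPPED;    /* no extent covers this uid */
}

long ns_to_outer(const char *map, long uid) { return translate(map, uid, 1); }
long outer_to_ns(const char *map, long uid) { return translate(map, uid, 0); }

int main(void)
{
    const char *map = "0 10000 65536\n"; /* constructed sample mapping */
    printf("ns uid 0        -> outer uid %ld\n", ns_to_outer(map, 0));
    printf("outer uid 0     -> ns uid %ld (unmapped)\n", outer_to_ns(map, 0));
    printf("outer uid 10000 -> ns uid %ld\n", outer_to_ns(map, 10000));
    return 0;
}
```

With this mapping, an owner of 0 in the parent namespace has no counterpart inside the user namespace, while 10000 in the parent namespace is what the namespace sees as root.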
