Quoting Thomas Tanaka ([email protected]):
>
> On 3/11/2016 3:07 PM, Serge Hallyn wrote:
> >Quoting Thomas Tanaka ([email protected]):
> >>On 3/10/2016 4:18 PM, Serge Hallyn wrote:
> >>>Quoting Thomas Tanaka ([email protected]):
> >>>>Hi,
> >>>>
> >>>>This question might not be specific to lxc/lxd but containers in
> >>>>general, I hope that is okay.
> >>>>I have a process created using clone with the following flags
> >>>>(CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUSER).
> >>>>The process then tries to mount the mqueue filesystem (mount -t mqueue
> >>>>mqueue /dev/mqueue).
> >>>>However, the mounted mqueue fs has inode->i_uid = 0, instead of our
> >>>>ns uid e.g 10000. Is this expected ?
> >>>>For other e.g tmpfs the inode->i_uid is properly set to our ns uid.
> >>>Doesn't happen for me. As simplest example, if I
> >>>
> >>>lxc-usernsexec
> >>># lxc-unshare -s 'IPC|MOUNT' bash
> >>>## mount -t mqueue mqueue /mnt
> >>>## touch /mnt; ls -ld /mnt; ls -l /mnt
> >>>
> >>>I see everything owned by my namespaced root user, 'root' in my shell.
> >>Right, maybe my understanding is not correct.
> >>So maybe the question should be phrased in such a way, why does a
> >>newly clone() process with CLONE_NEWIPC|CLONE_NEWNS|CLONE_NEWUSER
> >>does not seem to perform switch_task_namespaces() ?
> >>The observation here is, yes inside of the userns it is owned by
> >>root, but outside of it, i.e in the 'global' ns shouldn't it be
> >How are you viewing it from the outside? You'll need to go
> >through /proc/pid/root/dev/mqueue, else you're looking at the
> >host's mqueue mount right?
> Yeah, so I instrumented the kernel (~4.1.12) to print the value of
> inode->i_uid, at mqueue_fill_super() (ipc/mqueue.c),
> so with every mount I could see the value of inode->i_uid from the log.

Dunno. It works on my kernel. From a host shell I get:

# ls -l /proc/13383/root/mnt/
-rw-rw-r-- 1 100000 100000 80 Mar 11 15:24 ab

(where pid 13383 is in a private namespace and mounted /dev/mqueue on /mnt)
_______________________________________________
lxc-devel mailing list
[email protected]
http://lists.linuxcontainers.org/listinfo/lxc-devel
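
The host-side check described in the thread (stat the path through /proc/<pid>/root, then relate the owner to the namespace's uid mapping), as an added example that is not part of the original messages. It assumes it is run from the host's initial user namespace with permission to traverse /proc/<pid>/root; the function names host_to_ns_uid and report_owner are illustrative.

```c
#include <stdio.h>
#include <sys/stat.h>

/* Translate a host uid to the uid seen inside the namespace, given uid_map
 * text ("<ns_start> <host_start> <count>" per line).
 * Returns 0 on success, -1 if the host uid has no mapping. */
int host_to_ns_uid(const char *map, unsigned long host, unsigned long *ns)
{
    unsigned long ns_start, host_start, count;
    int used;

    while (sscanf(map, "%lu %lu %lu%n", &ns_start, &host_start, &count, &used) == 3) {
        if (host >= host_start && host - host_start < count) {
            *ns = ns_start + (host - host_start);
            return 0;
        }
        map += used;   /* advance to the next mapping line */
    }
    return -1;
}

/* Stat <path> through /proc/<pid>/root and print its owner in both views. */
int report_owner(const char *pid, const char *path)
{
    char p[4096], map[4096];
    struct stat st;
    unsigned long ns;
    size_t n;
    FILE *f;

    snprintf(p, sizeof p, "/proc/%s/root%s", pid, path);
    if (stat(p, &st) != 0) { perror(p); return -1; }
    snprintf(p, sizeof p, "/proc/%s/uid_map", pid);
    if ((f = fopen(p, "r")) == NULL) { perror(p); return -1; }
    n = fread(map, 1, sizeof map - 1, f);
    map[n] = '\0';
    fclose(f);
    if (host_to_ns_uid(map, (unsigned long)st.st_uid, &ns) == 0)
        printf("%s: host uid %lu, namespace uid %lu\n", path, (unsigned long)st.st_uid, ns);
    else
        printf("%s: host uid %lu is not mapped for pid %s\n", path, (unsigned long)st.st_uid, pid);
    return 0;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s <pid> </abs/path>\n", argv[0]); return 2; }
    return report_owner(argv[1], argv[2]) ? 1 : 0;
}
```

With a constructed mapping of `0 100000 65536`, a file shown as owned by 100000 from the host translates to uid 0 inside the namespace, while a host uid of 0 has no mapping there.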
