Namespaces in operation, part 5: User namespaces
Posted Feb 27, 2013 19:59 UTC (Wed) by einstein (subscriber, #2052)
Posted Feb 27, 2013 20:52 UTC (Wed) by SEJeff (subscriber, #51588)
Posted Feb 27, 2013 22:34 UTC (Wed) by mabshoff (guest, #86444)
Posted Feb 28, 2013 4:25 UTC (Thu) by SEJeff (subscriber, #51588)
[jeff@omniscience tmp]$ wget -q http://download.openvz.org/kernel/branches/2.6.18/028stab...
[jeff@omniscience tmp]$ du -hs patch-ovz028stab056.1-combined.gz
[jeff@omniscience tmp]$ gzip -d patch-ovz028stab056.1-combined.gz
[jeff@omniscience tmp]$ du -hs patch-ovz028stab056.1-combined
I did the same thing about a year ago and the results were the same. So I still stand by my previous comment. Around a megabyte :)
Posted Feb 28, 2013 14:33 UTC (Thu) by mabshoff (guest, #86444)
Yeah, that was the first hit I got, too, but I discarded it for the reason listed below.
> So I still stand by my previous comment. Around a megabyte :)
Well, that specific patch is for a RHEL 5 based kernel, i.e. on top of their version of 2.6.18. The RHEL 6 based 2.6.32 kernel patch weighs in at currently 1.3 MB (see ). And that patch dates from March 4th 2011, so I would hardly call it current :p.
Anyway, with ploop and some of their other bits being out of mainline for now, their patch is a little like the RT patch set: growing some time and shrinking some other time, but as patches move into mainline from it, new patches for new functionality get added on top. At least after many years of living mostly out of mainline, their efforts like CRIU have shown that you can merge it into mainline assuming all interested parties collaborate, and that is a really positive development imho.
Posted Feb 27, 2013 22:11 UTC (Wed) by ebiederm (subscriber, #35028)
That is what the remaining XFS work is about: ensuring that XFS doesn't mix user space uids with in-kernel uids without adding the appropriate translations, and making it hard to confuse those two kinds of uids in the future. XFS has a very unique architecture for its in-kernel filesystem data structures and many more user facing ioctls than most filesystems, which means it can't be treated like just another filesystem.
What was not mentioned is that when a process in a user namespace interacts with files, the interaction is the same as interacting with processes. When a file is created, the uid of the process is mapped into the initial user namespace and those mapped uids are stored on disk. Meanwhile, when the process in a user namespace stats those files, the uids are mapped back into its namespace so it sees the uids it wrote with instead of the uids that are stored on disk.
This allows quotas and other filesystem features to work with user namespaces without any changes to the on-disk format.
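The uid translation described in the comment above, sketched as an added example (not part of the original thread and not kernel code). It assumes the "inside outside count" line format of /proc/PID/uid_map and the default overflow uid of 65534; the function names and the sample map are constructed for illustration.

```c
#include <inttypes.h>
#include <stdio.h>

#define OVERFLOW_UID 65534u     /* assumed default of /proc/sys/kernel/overflowuid */
#define INVALID_UID  UINT32_MAX /* "no mapping exists" */

/* One uid_map extent: ids inside..inside+count-1 map to outside..outside+count-1. */
struct extent { uint32_t inside, outside, count; };

/* Constructed sample map: namespace uids 0-999 live at host uids 100000-100999. */
static const char SAMPLE_UID_MAP[] = "0 100000 1000\n1000 1000 1\n";

/* Parse uid_map text into extents; returns the number of extents read. */
size_t parse_uid_map(const char *text, struct extent *out, size_t max)
{
    size_t n = 0;
    int used;

    while (n < max && sscanf(text, "%" SCNu32 " %" SCNu32 " %" SCNu32 "%n",
                             &out[n].inside, &out[n].outside, &out[n].count, &used) == 3) {
        text += used;
        n++;
    }
    return n;
}

/* Namespace uid -> initial-namespace uid, the value stored on disk at create time. */
uint32_t to_disk_uid(const struct extent *m, size_t n, uint32_t ns_uid)
{
    for (size_t i = 0; i < n; i++)
        if (ns_uid >= m[i].inside && ns_uid - m[i].inside < m[i].count)
            return m[i].outside + (ns_uid - m[i].inside);
    return INVALID_UID; /* unmapped: cannot be written to disk */
}

/* On-disk uid -> uid that stat() reports inside the namespace. */
uint32_t to_stat_uid(const struct extent *m, size_t n, uint32_t disk_uid)
{
    for (size_t i = 0; i < n; i++)
        if (disk_uid >= m[i].outside && disk_uid - m[i].outside < m[i].count)
            return m[i].inside + (disk_uid - m[i].outside);
    return OVERFLOW_UID; /* owner has no mapping here, e.g. host root */
}

int main(void)
{
    struct extent m[8];
    size_t n = parse_uid_map(SAMPLE_UID_MAP, m, 8);
    uint32_t disk = to_disk_uid(m, n, 0);

    printf("ns root creates a file: on-disk uid %" PRIu32 "\n", disk);
    printf("ns stat of that file:   uid %" PRIu32 "\n", to_stat_uid(m, n, disk));
    printf("ns stat of host root's: uid %" PRIu32 "\n", to_stat_uid(m, n, 0));
    return 0;
}
```

Because the on-disk value is always the initial-namespace uid, quota accounting charges host uid 100000 for files that namespace root creates, and files owned by host root appear inside the namespace as the overflow uid rather than as uid 0.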
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.