mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

docs: update mapping documentation 

commit 8cc5c54de4 upstream.

Now that we implement the full remapping algorithms described in our
documentation remove the section about shortcircuting them.

Link: https://lore.kernel.org/r/20211123114227.3124056-6-brauner@kernel.org (v1)
Link: https://lore.kernel.org/r/20211130121032.3753852-6-brauner@kernel.org (v2)
Link: https://lore.kernel.org/r/20211203111707.3901969-6-brauner@kernel.org
Cc: Seth Forshee <sforshee@digitalocean.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Al Viro <viro@zeniv.linux.org.uk>
CC: linux-fsdevel@vger.kernel.org
Reviewed-by: Seth Forshee <sforshee@digitalocean.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Christian Brauner 2022-06-28 14:16:13 +02:00 committed by Greg Kroah-Hartman
parent b20dcf603b
commit 1c62e0186d
1 changed files with 0 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

72
Documentation/filesystems/idmappings.rst
View File

@ -952,75 +952,3 @@ The raw userspace id that is put on disk is ``u1000`` so when the user takes
their home directory back to their home computer where they are assigned
``u1000`` using the initial idmapping and mount the filesystem with the initial
idmapping they will see all those files owned by ``u1000``.
Shortcircuting
--------------
Currently, the implementation of idmapped mounts enforces that the filesystem
is mounted with the initial idmapping. The reason is simply that none of the
filesystems that we targeted were mountable with a non-initial idmapping. But
that might change soon enough. As we've seen above, thanks to the properties of
idmappings the translation works for both filesystems mounted with the initial
idmapping and filesystem with non-initial idmappings.
Based on this current restriction to filesystem mounted with the initial
idmapping two noticeable shortcuts have been taken:
1. We always stash a reference to the initial user namespace in ``struct
vfsmount``. Idmapped mounts are thus mounts that have a non-initial user
namespace attached to them.
In order to support idmapped mounts this needs to be changed. Instead of
stashing the initial user namespace the user namespace the filesystem was
mounted with must be stashed. An idmapped mount is then any mount that has
a different user namespace attached then the filesystem was mounted with.
This has no user-visible consequences.
2. The translation algorithms in ``mapped_fs*id()`` and ``i_*id_into_mnt()``
are simplified.
Let's consider ``mapped_fs*id()`` first. This function translates the
caller's kernel id into a kernel id in the filesystem's idmapping via
a mount's idmapping. The full algorithm is::
mapped_fsuid(kid):
/* Map the kernel id up into a userspace id in the mount's idmapping. */
from_kuid(mount-idmapping, kid) = uid
/* Map the userspace id down into a kernel id in the filesystem's idmapping. */
make_kuid(filesystem-idmapping, uid) = kuid
We know that the filesystem is always mounted with the initial idmapping as
we enforce this in ``mount_setattr()``. So this can be shortened to::
mapped_fsuid(kid):
/* Map the kernel id up into a userspace id in the mount's idmapping. */
from_kuid(mount-idmapping, kid) = uid
/* Map the userspace id down into a kernel id in the filesystem's idmapping. */
KUIDT_INIT(uid) = kuid
Similarly, for ``i_*id_into_mnt()`` which translated the filesystem's kernel
id into a mount's kernel id::
i_uid_into_mnt(kid):
/* Map the kernel id up into a userspace id in the filesystem's idmapping. */
from_kuid(filesystem-idmapping, kid) = uid
/* Map the userspace id down into a kernel id in the mounts's idmapping. */
make_kuid(mount-idmapping, uid) = kuid
Again, we know that the filesystem is always mounted with the initial
idmapping as we enforce this in ``mount_setattr()``. So this can be
shortened to::
i_uid_into_mnt(kid):
/* Map the kernel id up into a userspace id in the filesystem's idmapping. */
__kuid_val(kid) = uid
/* Map the userspace id down into a kernel id in the mounts's idmapping. */
make_kuid(mount-idmapping, uid) = kuid
Handling filesystems mounted with non-initial idmappings requires that the
translation functions be converted to their full form. They can still be
shortcircuited on non-idmapped mounts. This has no user-visible consequences.