mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-03 19:55:31 +00:00
docs: update mapping documentation
Now that we implement the full remapping algorithms described in our documentation remove the section about shortcircuting them. Link: https://lore.kernel.org/r/20211123114227.3124056-6-brauner@kernel.org (v1) Link: https://lore.kernel.org/r/20211130121032.3753852-6-brauner@kernel.org (v2) Link: https://lore.kernel.org/r/20211203111707.3901969-6-brauner@kernel.org Cc: Seth Forshee <sforshee@digitalocean.com> Cc: Amir Goldstein <amir73il@gmail.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Al Viro <viro@zeniv.linux.org.uk> CC: linux-fsdevel@vger.kernel.org Reviewed-by: Seth Forshee <sforshee@digitalocean.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
parent
1ac2a41049
commit
8cc5c54de4
@ -952,75 +952,3 @@ The raw userspace id that is put on disk is ``u1000`` so when the user takes
|
||||
their home directory back to their home computer where they are assigned
|
||||
``u1000`` using the initial idmapping and mount the filesystem with the initial
|
||||
idmapping they will see all those files owned by ``u1000``.
|
||||
|
||||
Shortcircuting
|
||||
--------------
|
||||
|
||||
Currently, the implementation of idmapped mounts enforces that the filesystem
|
||||
is mounted with the initial idmapping. The reason is simply that none of the
|
||||
filesystems that we targeted were mountable with a non-initial idmapping. But
|
||||
that might change soon enough. As we've seen above, thanks to the properties of
|
||||
idmappings the translation works for both filesystems mounted with the initial
|
||||
idmapping and filesystem with non-initial idmappings.
|
||||
|
||||
Based on this current restriction to filesystem mounted with the initial
|
||||
idmapping two noticeable shortcuts have been taken:
|
||||
|
||||
1. We always stash a reference to the initial user namespace in ``struct
|
||||
vfsmount``. Idmapped mounts are thus mounts that have a non-initial user
|
||||
namespace attached to them.
|
||||
|
||||
In order to support idmapped mounts this needs to be changed. Instead of
|
||||
stashing the initial user namespace the user namespace the filesystem was
|
||||
mounted with must be stashed. An idmapped mount is then any mount that has
|
||||
a different user namespace attached then the filesystem was mounted with.
|
||||
This has no user-visible consequences.
|
||||
|
||||
2. The translation algorithms in ``mapped_fs*id()`` and ``i_*id_into_mnt()``
|
||||
are simplified.
|
||||
|
||||
Let's consider ``mapped_fs*id()`` first. This function translates the
|
||||
caller's kernel id into a kernel id in the filesystem's idmapping via
|
||||
a mount's idmapping. The full algorithm is::
|
||||
|
||||
mapped_fsuid(kid):
|
||||
/* Map the kernel id up into a userspace id in the mount's idmapping. */
|
||||
from_kuid(mount-idmapping, kid) = uid
|
||||
|
||||
/* Map the userspace id down into a kernel id in the filesystem's idmapping. */
|
||||
make_kuid(filesystem-idmapping, uid) = kuid
|
||||
|
||||
We know that the filesystem is always mounted with the initial idmapping as
|
||||
we enforce this in ``mount_setattr()``. So this can be shortened to::
|
||||
|
||||
mapped_fsuid(kid):
|
||||
/* Map the kernel id up into a userspace id in the mount's idmapping. */
|
||||
from_kuid(mount-idmapping, kid) = uid
|
||||
|
||||
/* Map the userspace id down into a kernel id in the filesystem's idmapping. */
|
||||
KUIDT_INIT(uid) = kuid
|
||||
|
||||
Similarly, for ``i_*id_into_mnt()`` which translated the filesystem's kernel
|
||||
id into a mount's kernel id::
|
||||
|
||||
i_uid_into_mnt(kid):
|
||||
/* Map the kernel id up into a userspace id in the filesystem's idmapping. */
|
||||
from_kuid(filesystem-idmapping, kid) = uid
|
||||
|
||||
/* Map the userspace id down into a kernel id in the mounts's idmapping. */
|
||||
make_kuid(mount-idmapping, uid) = kuid
|
||||
|
||||
Again, we know that the filesystem is always mounted with the initial
|
||||
idmapping as we enforce this in ``mount_setattr()``. So this can be
|
||||
shortened to::
|
||||
|
||||
i_uid_into_mnt(kid):
|
||||
/* Map the kernel id up into a userspace id in the filesystem's idmapping. */
|
||||
__kuid_val(kid) = uid
|
||||
|
||||
/* Map the userspace id down into a kernel id in the mounts's idmapping. */
|
||||
make_kuid(mount-idmapping, uid) = kuid
|
||||
|
||||
Handling filesystems mounted with non-initial idmappings requires that the
|
||||
translation functions be converted to their full form. They can still be
|
||||
shortcircuited on non-idmapped mounts. This has no user-visible consequences.
|
||||
|
Loading…
Reference in New Issue
Block a user