Closed crass closed 2 years ago
mount-idmapped --map-mount=b:1023:1000:1 --map-mount=b:0:1000:1 /media/tmp0 /media/tmp1
This command fails with the output:
Failed to write uid mapping to "/proc/604482/uid_map"
Failed to write mapping: 1023 1000 1 0 1000 1
Invalid argument - Failed to change mount attributes
Playing with other mappings, it seems that any time a uid gets remapped to more than once, a failure occurs. So this fails as well:
mount-idmapped --map-mount b:1023:1000:1 --map-mount b:1024:999:2 /media/tmp0 /media/tmp1
Looks like this is a kernel issue, though I would think I should be able to remap two different UIDs to the same UID. Is this currently not possible? This is on the Ubuntu 5.17 OEM kernel.
Mapping two uids to the same uid is currently not possible and it probably never will be. If you need to write to disk the kernel wouldn't know which of the two uids that are mapped to use and it would have to pick one. This would require all kinds of weird heuristics. So I'd say in this case it's easier to have userspace create two idmapped mounts and then use overlayfs to merge them together into one or bind-mount individual files together.
Good point. I'm using idmapping on a host mount that is readonly, so I wouldn't run into any write issues. Perhaps the readonly case can be supported by the kernel?
Hm, I can make a note to explore this idea but that's quite far into the future if at all.
Thinking a little more on it, it might not be as easy as I thought. My understanding is that one creates a user namespace, and then applies the namespace to a mount. So the user namespace must allow non-1-to-1 uid mapping. But then what implications does that have for other use-cases that use user namespaces, which may currently assume a 1-to-1 mapping? I'm not familiar enough with the subject to have an educated guess. But allowing multiple host uids to map to one target uid would be very useful, and is one use case for bindfs.
Yes, user namespaces have that requirement. But if we would need to do something like this I was thinking we would probably have to decouple idmapping for user namespaces from vfs idmapping completely.
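The rejection discussed in this thread can be checked before a map is ever written. The following is an added example, not code from mount-idmapped or the kernel: it applies the rule the kernel enforces on a uid_map write, that no two extents may intersect in either column. The function and array names are hypothetical; the first map is the one shown in the error output above, the second assumes the same column order for the second failing command, and the third is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One line written to uid_map/gid_map: "<first> <second> <count>". */
struct extent { uint32_t first, second, count; };

/* True when [a, a+n) and [b, b+m) share at least one id (n, m >= 1). */
static bool intersects(uint32_t a, uint32_t n, uint32_t b, uint32_t m)
{
    return a <= (uint64_t)b + m - 1 && b <= (uint64_t)a + n - 1;
}

/*
 * Returns -1 when the map is a valid 1-to-1 mapping, otherwise the index
 * of the first extent that is empty or overlaps an earlier extent in
 * either column. An overlap in the second column is exactly the
 * "two ids mapped to the same id" case from the thread.
 */
int first_bad_extent(const struct extent *map, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (map[i].count == 0)
            return (int)i;          /* empty extent, treated as invalid here */
        for (size_t j = 0; j < i; j++) {
            if (intersects(map[i].first, map[i].count, map[j].first, map[j].count) ||
                intersects(map[i].second, map[i].count, map[j].second, map[j].count))
                return (int)i;
        }
    }
    return -1;
}

/* Map from the error output on this page: "1023 1000 1" and "0 1000 1". */
static const struct extent page_map_1[] = { {1023, 1000, 1}, {0, 1000, 1} };
/* Second failing command (b:1023:1000:1, b:1024:999:2), same column order assumed. */
static const struct extent page_map_2[] = { {1023, 1000, 1}, {1024, 999, 2} };
/* Constructed map with disjoint ranges in both columns. */
static const struct extent disjoint_map[] = { {1023, 1000, 1}, {0, 1001, 1} };

int main(void)
{
    printf("page_map_1: %d\n", first_bad_extent(page_map_1, 2));
    printf("page_map_2: %d\n", first_bad_extent(page_map_2, 2));
    printf("disjoint_map: %d\n", first_bad_extent(disjoint_map, 2));
    return 0;
}
```

A result of -1 means the extents form a 1-to-1 mapping; any other value is the index of the extent that would trigger the "Invalid argument" failure.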