[lxc-devel] mounting mqueue in a user namespace

Serge Hallyn serge.hallyn at ubuntu.com
Fri Mar 11 23:26:45 UTC 2016


Quoting Thomas Tanaka (thomas.tanaka at oracle.com):
> 
> On 3/11/2016 3:07 PM, Serge Hallyn wrote:
> >Quoting Thomas Tanaka (thomas.tanaka at oracle.com):
> >>On 3/10/2016 4:18 PM, Serge Hallyn wrote:
> >>>Quoting Thomas Tanaka (thomas.tanaka at oracle.com):
> >>>>Hi,
> >>>>
> >>>>This question might not be specific to lxc/lxd but containers in
> >>>>general, I hope that is okay.
> >>>>I have a process created using clone with the following flags
> >>>>(CLONE_NEWNS|CLONE_NEWIPC|CLONE_NEWUSER).
> >>>>The process then tries to mount the mqueue filesystem (mount -t mqueue
> >>>>mqueue /dev/mqueue).
> >>>>However, the mounted mqueue fs has inode->i_uid = 0, instead of our
> >>>>ns uid, e.g. 10000. Is this expected?
> >>>>For others, e.g. tmpfs, the inode->i_uid is properly set to our ns uid.
> >>>Doesn't happen for me.  As simplest example, if I
> >>>
> >>>lxc-usernsexec
> >>># lxc-unshare -s 'IPC|MOUNT' bash
> >>>## mount -t mqueue mqueue /mnt
> >>>## touch /mnt; ls -ld /mnt; ls -l /mnt
> >>>
> >>>I see everything owned by my namespaced root user, 'root' in my shell.
> >>Right, maybe my understanding is not correct.
> >>So maybe the question should be phrased in such a way: why does a
> >>newly clone()d process with CLONE_NEWIPC|CLONE_NEWNS|CLONE_NEWUSER
> >>not seem to perform switch_task_namespaces()?
> >>The observation here is, yes, inside of the userns it is owned by
> >>root, but outside of it, i.e. in the 'global' ns, shouldn't it be
> >How are you viewing it from the outside?  You'll need to go
> >through /proc/pid/root/dev/mqueue, else you're looking at the
> >host's mqueue mount, right?
> Yeah, so I instrumented the kernel (~4.1.12) to print the value of
> inode->i_uid at mqueue_fill_super() (ipc/mqueue.c),
> so with every mount I could see the value of inode->i_uid from the log.

Dunno.  It works on my kernel.  From a host shell I get:

# ls -l /proc/13383/root/mnt/
-rw-rw-r-- 1 100000 100000 80 Mar 11 15:24 ab

(where pid 13383 is in a private namespace and mounted /dev/mqueue on
/mnt)
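As an added example (not code from this thread or from LXC), the check described above done in C: clone a child into new user, mount and IPC namespaces, map namespace root to the caller's own host uid, mount mqueue on a temporary directory, and compare the owner seen inside with the owner seen from the host through /proc/<pid>/root. It assumes unprivileged user namespaces are permitted on the host; the temporary directory, the pipes and the function names are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

struct ctx { int to_child[2], to_parent[2]; const char *dir; };

/* Runs in the new user+mount+ipc namespaces: mount mqueue, report the uid we see. */
static int child(void *arg) {
    struct ctx *c = arg; char go; struct stat st; uid_t u;
    close(c->to_child[1]); close(c->to_parent[0]);
    if (read(c->to_child[0], &go, 1) != 1) return 1;  /* wait until uid_map is written */
    if (mount("mqueue", c->dir, "mqueue", 0, NULL) < 0) return 2;
    if (stat(c->dir, &st) < 0) return 3;
    u = st.st_uid;                                    /* in-namespace view: expect 0 */
    if (write(c->to_parent[1], &u, sizeof u) != sizeof u) return 4;
    read(c->to_child[0], &go, 1);                     /* keep the mount alive until parent is done */
    return 0;
}
static void write_file(const char *path, const char *s) {
    FILE *f = fopen(path, "w"); if (f) { fputs(s, f); fclose(f); }
}
/* 0 with the mqueue root's uid seen inside and from the host; -errno or -ENOTSUP if a step is refused. */
int mqueue_owner_check(uid_t *inside, uid_t *outside) {
    static char stack[64 * 1024];
    char tmpl[] = "/tmp/mq-XXXXXX", path[128], map[64];  /* constructed temp mount point */
    struct ctx c; struct stat st; int status = 0, rc;
    if (!mkdtemp(tmpl)) return -errno; c.dir = tmpl;
    if (pipe(c.to_child) < 0 || pipe(c.to_parent) < 0) return -errno;
    pid_t pid = clone(child, stack + sizeof stack, CLONE_NEWUSER | CLONE_NEWNS | CLONE_NEWIPC | SIGCHLD, &c);
    if (pid < 0) { rc = -errno; rmdir(tmpl); return rc; }
    close(c.to_child[0]); close(c.to_parent[1]);
    /* map namespace root to our own host uid/gid; setgroups must be denied before gid_map */
    snprintf(map, sizeof map, "0 %u 1", getuid());
    snprintf(path, sizeof path, "/proc/%d/uid_map", pid); write_file(path, map);
    snprintf(path, sizeof path, "/proc/%d/setgroups", pid); write_file(path, "deny");
    snprintf(map, sizeof map, "0 %u 1", getgid());
    snprintf(path, sizeof path, "/proc/%d/gid_map", pid); write_file(path, map);
    write(c.to_child[1], "g", 1);
    rc = read(c.to_parent[0], inside, sizeof *inside) == sizeof *inside ? 0 : -EIO;
    /* host view of the namespaced mount, as suggested in the thread: go through /proc/<pid>/root */
    snprintf(path, sizeof path, "/proc/%d/root%s", pid, tmpl);
    if (rc == 0) rc = stat(path, &st) == 0 ? (*outside = st.st_uid, 0) : -errno;
    close(c.to_child[1]); waitpid(pid, &status, 0); rmdir(tmpl);
    return WIFEXITED(status) && WEXITSTATUS(status) ? -ENOTSUP : rc;
}
```

With the mapping "0 <host uid> 1", the owner reads as 0 inside the namespace and as the caller's host uid from outside, which is the same picture as the ls -l output above.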

