This adds a new mount option X-mount.idmap. This mount option can be
used to create an idmapped mount.
An idmapped mount allows changing the ownership of all files located under
a mount according to the ID-mapping associated with a user namespace.
The ownership change is tied to the lifetime and localized to the
relevant mount. The relevant ID-mapping can be specified in two ways:

* A user can specify the ID-mapping directly.

  The ID-mapping must be specified using the syntax

      id-type:id-mount:id-host:id-range

  Specifying "u" as the id-type prefix creates a UID-mapping, "g"
  creates a GID-mapping and omitting id-type or specifying "b"
  creates both a UID- and GID-mapping.
  The id-mount parameter indicates the starting ID in the new mount.
  The id-host parameter indicates the starting ID in the filesystem.
  The id-range parameter indicates how many IDs are to be mapped.
  It is possible to specify multiple ID-mappings.
  The individual ID-mappings must be separated by spaces.

  For example, the ID-mapping

      X-mount.idmap=u:1000:0:1 g:1001:1:2 5000:1000:2

  creates an idmapped mount where UID 0 is mapped to UID 1000, GID 1 is
  mapped to GID 1001, GID 2 is mapped to GID 1002, UID and GID 1000 are
  mapped to 5000, and UID and GID 1001 are mapped to 5001 in the mount.

  When an ID-mapping is specified directly a new user namespace will be
  allocated with the requested ID-mapping.
  The newly created user namespace will be attached to the mount.

* A user can specify a user namespace file.

  The user namespace will then be attached to the mount and the
  ID-mapping of the user namespace will become the ID-mapping of the
  mount.

  For example, *X-mount.idmap=/proc/PID/ns/user* will attach the user
  namespace of the process PID to the mount.

Even more details about idmapped mounts can be found in the
mount_setattr(2) manpage of the linux-manpage project.
[kzak@redhat.com: - port Christian's patch to the new libmount hooks API]
Signed-off-by: Christian Brauner (Microsoft) <brauner@kernel.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
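
The id-type:id-mount:id-host:id-range syntax from the commit message above, as an added example that is not code from util-linux or libmount: a strict parser for the mapping list plus a lookup that reproduces the worked example. The names idmap_entry, parse_idmap and map_to_mount are hypothetical, and rejecting empty or 32-bit-wrapping ranges is a choice made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical type for this example; not libmount's own structure. */
struct idmap_entry {
    char type;                         /* 'u', 'g' or 'b' (both) */
    uint64_t mount_id, host_id, range; /* id-mount, id-host, id-range */
};

/* Parse one decimal 32-bit field; strtoull alone would accept signs and spaces. */
static int parse_num(const char **p, uint64_t *out)
{
    if (**p < '0' || **p > '9')
        return -1;
    *out = strtoull(*p, (char **)p, 10); /* overflow gives ULLONG_MAX, rejected next */
    return *out > UINT32_MAX ? -1 : 0;
}

/* Returns the number of entries parsed, or -1 if any entry is malformed. */
int parse_idmap(const char *s, struct idmap_entry *out, int max)
{
    int n = 0;
    while (*s) {
        struct idmap_entry e = { .type = 'b' }; /* no prefix means both */
        if ((*s == 'u' || *s == 'g' || *s == 'b') && s[1] == ':') {
            e.type = *s;
            s += 2;
        }
        /* Assumption of this example: empty or 32-bit-wrapping ranges are errors. */
        if (n == max || parse_num(&s, &e.mount_id) || *s++ != ':' ||
            parse_num(&s, &e.host_id) || *s++ != ':' ||
            parse_num(&s, &e.range) || (*s && *s != ' ') || e.range == 0 ||
            e.mount_id + e.range - 1 > UINT32_MAX ||
            e.host_id + e.range - 1 > UINT32_MAX)
            return -1;
        out[n++] = e;
        while (*s == ' ')
            s++;
    }
    return n;
}

/* Map a filesystem ID to the ID shown in the mount; -1 if no entry covers it. */
int64_t map_to_mount(const struct idmap_entry *m, int n, char kind, uint32_t id)
{
    for (int i = 0; i < n; i++)
        if ((m[i].type == kind || m[i].type == 'b') &&
            id >= m[i].host_id && id - m[i].host_id < m[i].range)
            return (int64_t)(m[i].mount_id + (id - m[i].host_id));
    return -1;
}
```
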
Karel Zak [Thu, 19 May 2022 11:55:43 +0000 (13:55 +0200)]
libmount: implement hooks for a legacy mount(2)
* replaces context "addmounts" functionality with more generic hooks

* "hooksets" handles complex functionality by a set of hooks.
  During initialization (or later), the hookset can define
  arbitrary hook function(s). The library will call the functions from
  a specified place ("stage"). Now supported stages are
  prepare-options, pre-mount, mount, and post-mount.

  This solution looks complex at first glance, but it will help
  keep all extensions separated from core library code (IDs mapping,
  X-mount.chown/chmod, X-mount.subdir, etc.). It will also be possible to
  support multiple implementations for the same functionality (classic
  mount(2) vs. new fsmount(2)) without #ifdefs storms etc.

  Maybe later we can also use hooksets for external library modules
  (like verity support).

* __legacy-mount hookset implements support for the classic mount(2)
  syscall. Supported hooks:

    prepare-options - analyzes the current setting (libmnt_context)
                      and sets up other hooks when necessary
    mount - calls mount(2) for standard "/dev to /mnt" use-cases
    post-mount (two possible hooks):
      - calls mount(2) to modify propagation flags
      - calls mount(2) to implement bind-remount (mount --bind -oro)

Karel Zak [Mon, 2 Jan 2023 12:32:58 +0000 (13:32 +0100)]
Merge branch 'libblkid/topology-diskseq' of https://github.com/t-8ch/util-linux
* 'libblkid/topology-diskseq' of https://github.com/t-8ch/util-linux:
  libblkid: topology: probe diskseq
  libblkid: topology: allow setting of 64bit values
  lib/sysfs: allow parent redirect even for non-queue files
  blockdev: add support for ioctl BLKGETDISKSEQ
  libblkid: topology: add test
  tests: functions: allow partitions on loopdevs

Karel Zak [Mon, 2 Jan 2023 12:02:51 +0000 (13:02 +0100)]
Merge branch 'stat-parsing' of https://github.com/t-8ch/util-linux
* 'stat-parsing' of https://github.com/t-8ch/util-linux:
  procfs: get_stat_nth: handle braces in process name
  lib: procfs: add parsing cmd containing newline
  lib: procfs: add unittests
  lib: procfs: prefix support for tests
  lib: procfs: fix error message during test
  lib: procfs: fix typo in argument specification
  lib: procfs: clarify name of procfs_process_get_data_for()

Karel Zak [Mon, 2 Jan 2023 11:23:11 +0000 (12:23 +0100)]
Merge branch 'meson-debian' of https://github.com/zeha/util-linux
* 'meson-debian' of https://github.com/zeha/util-linux:
  meson: install uuidd.rc with -Dsysvinit=enabled
  meson: fix pkg-config name of libaudit
  meson: fix build with -Dselinux=enabled

Thomas Weißschuh [Thu, 22 Dec 2022 23:54:41 +0000 (23:54 +0000)]
procfs: get_stat_nth: handle braces in process name
In procfs_process_get_stat_nth() we skip to the end of the process name
by looking for the ')' after it.
However, if the process name itself contains a ')' then we find that instead
of the correct one.
By searching for the ')' from the end of the file we can make sure to always
find the correct one.
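
The parsing problem described in the commit message above, as an added example that is not util-linux code: one field extractor run in both modes over a constructed stat line whose process name contains ')'. The names stat_field and sample_stat are hypothetical and the sample line is made up for illustration.

```c
#include <string.h>

/* Constructed /proc/<pid>/stat prefix for a process whose name is "a) Z 1 (b". */
const char sample_stat[] = "4242 (a) Z 1 (b) S 777 4242 4242 0 -1";

/*
 * Copy field n of a stat line into out (1-based; 3 = state, 4 = ppid).
 * from_end != 0 locates the end of comm with strrchr(), as the fix does;
 * from_end == 0 uses strchr() and reproduces the old behaviour.
 * Returns 0 on success, -1 if the field is missing or does not fit.
 */
int stat_field(const char *stat, int n, int from_end, char *out, size_t len)
{
    const char *p = from_end ? strrchr(stat, ')') : strchr(stat, ')');

    if (!p || n < 3)
        return -1;
    p++; /* first byte after the comm field (field 2) */
    for (int i = 3; ; i++) {
        p += strspn(p, " ");
        size_t w = strcspn(p, " \n");
        if (w == 0)
            return -1; /* ran out of fields */
        if (i == n) {
            if (w >= len)
                return -1;
            memcpy(out, p, w);
            out[w] = '\0';
            return 0;
        }
        p += w;
    }
}
```

With the forward search the state and parent PID are read out of the process name itself ("Z" and "1"); the backward search returns the values that follow the comm field ("S" and "777").
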
Frantisek Sumsal [Thu, 24 Nov 2022 09:34:54 +0000 (10:34 +0100)]
ci: build & test util-linux on Fedora Rawhide via Packit
Let's run at least the unit-tests on Fedora Rawhide via Packit, as it
supports a couple of alternative architectures (aarch64, ppc64le, s390x)
as well as i*86, which were a source of issues in the past.
Karel Zak [Tue, 13 Dec 2022 15:10:08 +0000 (16:10 +0100)]
Merge branch 'shells.c' of https://github.com/t-8ch/util-linux
* 'shells.c' of https://github.com/t-8ch/util-linux:
  meson: link shells.c into users of is_known_shell
  meson: remove leftover explicit mentions of logindefs.c