git.ipfire.org Git - thirdparty/systemd.git/commit
nspawn: introduce --private-users-ownership=map|auto
author Lennart Poettering <lennart@poettering.net>
Tue, 27 Apr 2021 16:03:31 +0000 (18:03 +0200)
committer Lennart Poettering <lennart@poettering.net>
Fri, 7 May 2021 20:44:13 +0000 (22:44 +0200)
commit f61c7f88d0cd7e7901a384eb7749686e4ed633e5
tree 972fd1fbb8b9ec38903206d91e96b5e19a9fdda5
parent 993da6d4616b56b7ef82c95f1b65494cdcf10c5c
nspawn: introduce --private-users-ownership=map|auto

This adds two new values to --private-users-ownership=: "map" and
"auto".

"map" exposes the kernel 5.12 idmap feature pretty much 1:1. It fails if
the kernel or used file system doesn't support ID mapping.

"auto" is a bit smarter: if we can make ID mapping work, we'll use it,
otherwise revert back to classic chown()ing. We'll also use chown()ing
if we detect that an image is already ID shifted, both to increase
compatibility with the status quo ante, and to simplify our codepaths,
since the mappings become a lot simpler if we only have to map from zero
to something else, instead of from anything to anything else.

The short -U switch, and --private-users=pick will now imply
--private-users-ownership=auto instead of
--private-users-ownership=chown, since the new logic should be the much
better choice.
src/nspawn/nspawn-settings.c
src/nspawn/nspawn-settings.h
src/nspawn/nspawn.c