Message ID | 20230524153316.476973-1-aleksandr.mikhalitsyn@canonical.com (mailing list archive) |
---|---|
Series | ceph: support idmapped mounts |
version 3 was sent
https://lore.kernel.org/lkml/20230607152038.469739-1-aleksandr.mikhalitsyn@canonical.com/

On Wed, May 24, 2023 at 5:33 PM Alexander Mikhalitsyn
<aleksandr.mikhalitsyn@canonical.com> wrote:
>
> Dear friends,
>
> This patchset was originally developed by Christian Brauner but I'll continue
> to push it forward. Christian allowed me to do that :)
>
> This feature is already actively used/tested with LXD/LXC project.
>
> v2 is just a rebased version of the original series with some small field naming change.
>
> Git tree (based on https://github.com/ceph/ceph-client.git master):
> https://github.com/mihalicyn/linux/tree/fs.idmapped.ceph.v2
>
> Original description from Christian:
> ========================================================================
> This patch series enables cephfs to support idmapped mounts, i.e. the
> ability to alter ownership information on a per-mount basis.
>
> Container managers such as LXD support sharing data via cephfs between
> the host and unprivileged containers and between unprivileged containers.
> They may all use different idmappings. Idmapped mounts can be used to
> create mounts with the idmapping used for the container (or a different
> one specific to the use-case).
>
> There are in fact more use-cases such as remapping ownership for
> mountpoints on the host itself to grant or restrict access to different
> users or to make it possible to enforce that programs running as root
> will write with a non-zero {g,u}id to disk.
>
> The patch series is simple overall and few changes are needed to cephfs.
> There is one cephfs specific issue that I would like to discuss and
> solve which I explain in detail in:
>
> [PATCH 02/12] ceph: handle idmapped mounts in create_request_message()
>
> It has to do with how to handle mds servers which have id-based access
> restrictions configured. I would ask you to please take a look at the
> explanation in the aforementioned patch.
>
> The patch series passes the vfs and idmapped mount testsuite as part of
> xfstests. To run it you will need a config like:
>
> [ceph]
> export FSTYP=ceph
> export TEST_DIR=/mnt/test
> export TEST_DEV=10.103.182.10:6789:/
> export TEST_FS_MOUNT_OPTS="-o name=admin,secret=$password"
>
> and then simply call
>
> sudo ./check -g idmapped
>
> ========================================================================
>
> Alexander Mikhalitsyn (1):
>   fs: export mnt_idmap_get/mnt_idmap_put
>
> Christian Brauner (12):
>   ceph: stash idmapping in mdsc request
>   ceph: handle idmapped mounts in create_request_message()
>   ceph: allow idmapped mknod inode op
>   ceph: allow idmapped symlink inode op
>   ceph: allow idmapped mkdir inode op
>   ceph: allow idmapped rename inode op
>   ceph: allow idmapped getattr inode op
>   ceph: allow idmapped permission inode op
>   ceph: allow idmapped setattr inode op
>   ceph/acl: allow idmapped set_acl inode op
>   ceph/file: allow idmapped atomic_open inode op
>   ceph: allow idmapped mounts
>
>  fs/ceph/acl.c                 |  2 +-
>  fs/ceph/dir.c                 |  4 ++++
>  fs/ceph/file.c                | 10 ++++++++--
>  fs/ceph/inode.c               | 15 +++++++++++----
>  fs/ceph/mds_client.c          | 29 +++++++++++++++++++++++++----
>  fs/ceph/mds_client.h          |  1 +
>  fs/ceph/super.c               |  2 +-
>  fs/mnt_idmapping.c            |  2 ++
>  include/linux/mnt_idmapping.h |  3 +++
>  9 files changed, 56 insertions(+), 12 deletions(-)
>
> --
> 2.34.1
>
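
An added illustration, not code from this series or from the kernel: a small C model of the ownership translation an idmapped mount performs, covering both use-cases in the description above (containers with different idmappings sharing one filesystem, and making root write a non-zero uid to disk). The idmapping values and all helper names are constructed assumptions; the mapping directions follow from_kuid()/make_kuid() as described in Documentation/filesystems/idmappings.rst.

```c
#include <stdint.h>
#include <stdio.h>

#define INVALID_ID UINT32_MAX  /* "no mapping", like the kernel's invalid id */

/* One extent in the u<first>:k<lower>:r<count> notation of the kernel docs. */
struct idmap { uint32_t first, lower, count; };

/* Constructed sample idmappings (assumptions, not taken from the series). */
static const struct idmap FS_INIT = { 0, 0, 4294967295u };  /* fs in initial userns */
static const struct idmap CT_A = { 0, 100000, 65536 };      /* mount for container A */
static const struct idmap CT_B = { 0, 200000, 65536 };      /* mount for container B */
static const struct idmap ROOT_AS_1000 = { 1000, 0, 1 };    /* host-side remap of root */

/* kernel id -> userspace id, the direction of from_kuid() */
static uint32_t to_user(struct idmap m, uint32_t k)
{
    return (k >= m.lower && k - m.lower < m.count) ? m.first + (k - m.lower) : INVALID_ID;
}

/* userspace id -> kernel id, the direction of make_kuid() */
static uint32_t to_kernel(struct idmap m, uint32_t u)
{
    return (u >= m.first && u - m.first < m.count) ? m.lower + (u - m.first) : INVALID_ID;
}

/* Owner stored by the filesystem -> owner as seen through the mount. */
uint32_t owner_via_mount(struct idmap fs, struct idmap mnt, uint32_t disk_id)
{
    uint32_t u = to_user(fs, disk_id);
    return u == INVALID_ID ? INVALID_ID : to_kernel(mnt, u);
}

/* Caller's kernel fsuid -> owner the filesystem records for a new file.
 * INVALID_ID models the case where the kernel refuses the create. */
uint32_t owner_on_create(struct idmap fs, struct idmap mnt, uint32_t caller_id)
{
    uint32_t u = to_user(mnt, caller_id);
    return u == INVALID_ID ? INVALID_ID : to_kernel(fs, u);
}

int main(void)
{
    printf("disk uid 1000 via A: %u, via B: %u\n",
           (unsigned)owner_via_mount(FS_INIT, CT_A, 1000),
           (unsigned)owner_via_mount(FS_INIT, CT_B, 1000));
    printf("A's root creates a file, stored uid: %u\n",
           (unsigned)owner_on_create(FS_INIT, CT_A, 100000));
    printf("host root via ROOT_AS_1000, stored uid: %u\n",
           (unsigned)owner_on_create(FS_INIT, ROOT_AS_1000, 0));
    return 0;
}
```

An id that falls outside the mount's idmapping has no valid owner on either path, which is why a caller not covered by the mapping cannot create files through such a mount.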