[systemd-devel] systemd-nspawn with filesystem id mapping
systemd-devel at notandy.de
Fri Jun 4 12:53:41 UTC 2021
Hi again,
after some more debugging this EOVERFLOW seems to be the result of a call to may_o_create in fs/namei.c in the kernel.
There is a check:
    if (!fsuidgid_has_mapping(dir->dentry->d_sb, mnt_userns))
            return -EOVERFLOW;
This seems to be the one returning EOVERFLOW to nspawn and causing the container spawn to fail.
My guess would be that this is a systemd bug when combining filesystem id mapping with --bind.
Before I start spending more time debugging this, has anyone so far used --bind with --private-users=pick and --private-users-ownership=map successfully?
As far as I understand, the pull request #19438 didn't add any handling to the mount_bind function. Was this maybe overlooked?
In my understanding there is a remount_idmap missing in that function, and the touch needs to be done in the correct user namespace or with mapped uids/gids.
I'm new to the systemd source code, could somebody confirm that I'm on the right track there and not heading in the wrong direction?
Thanks,
nd
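As an added illustration of the kernel check quoted in the mail above (not code from the kernel, from systemd or from the poster): a userspace model of fsuidgid_has_mapping() that parses uid_map/gid_map text and reports -EOVERFLOW when the creating process's fsuid or fsgid has no entry in the mount's user namespace, which is why a file creation in the wrong namespace fails with that errno. It assumes the filesystem's own s_user_ns is the initial user namespace (the common case) and uses a constructed mapping, so it shows the shape of the failure rather than nspawn's exact mapping.

```c
#include <errno.h>
#include <stdio.h>

/* One "inside outside count" line of a user namespace uid_map/gid_map. */
struct id_extent { unsigned int first, lower_first, count; };

/* Parse uid_map-style text into at most max extents; -1 on malformed input. */
static int parse_id_map(const char *text, struct id_extent *out, int max)
{
    int n = 0, consumed;
    unsigned int a, b, c;
    for (const char *p = text; *p; p += consumed) {
        if (n == max || sscanf(p, "%u %u %u%n", &a, &b, &c, &consumed) != 3)
            return -1;
        out[n].first = a; out[n].lower_first = b; out[n].count = c;
        n++;
        while (p[consumed] == '\n' || p[consumed] == ' ') consumed++;
    }
    return n;
}

/* make_kuid() in miniature: translate an id as the mount presents it into
 * the id the filesystem stores. Returns (unsigned)-1 when nothing maps it. */
static unsigned int map_id(const struct id_extent *m, int n, unsigned int id)
{
    for (int i = 0; i < n; i++)
        if (id >= m[i].first && id - m[i].first < m[i].count)
            return m[i].lower_first + (id - m[i].first);
    return (unsigned int)-1;
}

/* fsuidgid_has_mapping() in miniature (assumption: s_user_ns is the initial
 * namespace): 0 when the creating process's fsuid and fsgid both map through
 * the mount's user namespace, -EOVERFLOW when either one has no mapping. */
static int check_fs_ids_mapped(const char *uid_map, const char *gid_map,
                               unsigned int fsuid, unsigned int fsgid)
{
    struct id_extent um[8], gm[8];
    int un = parse_id_map(uid_map, um, 8), gn = parse_id_map(gid_map, gm, 8);
    if (un < 0 || gn < 0)
        return -EINVAL;
    if (map_id(um, un, fsuid) == (unsigned int)-1 ||
        map_id(gm, gn, fsgid) == (unsigned int)-1)
        return -EOVERFLOW;
    return 0;
}
```

With a constructed map "100000 0 65536" (ids 100000..165535 as seen through the mount are stored on disk as 0..65535), check_fs_ids_mapped() returns -EOVERFLOW for fsuid 0, i.e. a caller that has not entered the mapped namespace, and 0 for fsuid 100000.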