Christian Brauner
I don't mind so Ack from me. @stgaber, @hallyn?
Not sure if Tonny Wong is on GitHub, otherwise I'd ping him. :)
> It looks like this PR can be closed. Current master seems to have the changes proposed here. Can you point to the commit or code by any chance?
Sorry, I missed this PR.
I'm the maintainer of this upstream. Some CentOS versions have disabled Idmapped mounts. Last I checked @giuseppe had filed a request to enable them.
Yeah, it would be good to have this in libseccomp. We currently use this as well in an open-coded version in LXD (https://github.com/lxc/lxd/blob/98935b925c0caffc9d4a083c191671d553739313/lxd/seccomp/seccomp.go#L395). It needs a nice API. And note...
The seccomp selftests upstream also have the basic logic in there fwiw.
> > I understand it could work, but this way really needs to be discussed in the whole fs community.
> >
> > I'm on linux-fsdevel@ if you prefer to discuss...
There are multiple aspects here. The first one is being able to provide an fd as a source property generally. The second one is loopback device allocation through the fsconfig interface....
On Mon, Jun 12, 2023 at 12:34:44AM -0700, Alexander Larsson wrote:
> From a userspace perspective, the problem with loopback devices is
> that they are a globally visible resource...