-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Linux namespace delegation support
This allows ZFS datasets to be delegated to a user/mount namespace Within that namespace, only the delegated datasets are visible Works very similarly to Zones/Jailes on other ZFS OSes As a user: ``` $ unshare -Um $ zfs list no datasets available $ readlink /proc/$$/ns/user user:[4026532291] ``` As root: ``` # zfs list NAME ZONED MOUNTPOINT containers off /containers containers/host off /containers/host containers/host/child off /containers/host/child containers/host/child/gchild off /containers/host/child/gchild containers/unpriv on /unpriv containers/unpriv/child on /unpriv/child containers/unpriv/child/gchild on /unpriv/child/gchild # zfs userns add 4026532291 containers/unpriv ``` Back to the user: ``` $ zfs list NAME USED AVAIL REFER MOUNTPOINT containers 129M 47.8G 24K /containers containers/unpriv 128M 47.8G 24K /unpriv containers/unpriv/child 128M 47.8G 128M /unpriv/child ``` Signed-off-by: Will Andrews <will.andrews@klarasystems.com> Signed-off-by: Allan Jude <allan@klarasystems.com> Sponsored-by: Buddy <https://buddy.works>
- Loading branch information
Showing
27 changed files
with
941 additions
and
159 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
dnl # | ||
dnl # 3.18 API change | ||
dnl # struct user_namespace inum moved from .proc_inum to .ns.inum. | ||
dnl # | ||
AC_DEFUN([ZFS_AC_KERNEL_SRC_USER_NS_COMMON_INUM], [ | ||
ZFS_LINUX_TEST_SRC([user_ns_common_inum], [ | ||
#include <linux/user_namespace.h> | ||
], [ | ||
struct user_namespace uns; | ||
uns.ns.inum = 0; | ||
]) | ||
]) | ||
|
||
AC_DEFUN([ZFS_AC_KERNEL_USER_NS_COMMON_INUM], [ | ||
AC_MSG_CHECKING([whether user_namespace->ns.inum exists]) | ||
ZFS_LINUX_TEST_RESULT([user_ns_common_inum], [ | ||
AC_MSG_RESULT(yes) | ||
AC_DEFINE(HAVE_USER_NS_COMMON_INUM, 1, | ||
[user_namespace->ns.inum exists]) | ||
],[ | ||
AC_MSG_RESULT(no) | ||
]) | ||
]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.