mirror of
https://git.proxmox.com/git/mirror_zfs.git
synced 2026-05-22 10:37:35 +03:00
Support idmapped mount
Adds support for idmapped mounts. Supported as of Linux 5.12 this functionality allows user and group IDs to be remapped without changing their state on disk. This can be useful for portable home directories and a variety of container related use cases. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Reviewed-by: Ryan Moeller <ryan@iXsystems.com> Signed-off-by: Youzhong Yang <yyang@mathworks.com> Closes #12923 Closes #13671
This commit is contained in:
youzhongyang
@@ -45,6 +45,34 @@ typedef struct cred cred_t;
|
||||
#define SGID_TO_KGID(x) (KGIDT_INIT(x))
|
||||
#define KGIDP_TO_SGIDP(x) (&(x)->val)
|
||||
|
||||
static inline uid_t zfs_uid_into_mnt(struct user_namespace *mnt_ns, uid_t uid)
|
||||
{
|
||||
if (mnt_ns)
|
||||
return (__kuid_val(make_kuid(mnt_ns, uid)));
|
||||
return (uid);
|
||||
}
|
||||
|
||||
static inline gid_t zfs_gid_into_mnt(struct user_namespace *mnt_ns, gid_t gid)
|
||||
{
|
||||
if (mnt_ns)
|
||||
return (__kgid_val(make_kgid(mnt_ns, gid)));
|
||||
return (gid);
|
||||
}
|
||||
|
||||
static inline uid_t zfs_uid_from_mnt(struct user_namespace *mnt_ns, uid_t uid)
|
||||
{
|
||||
if (mnt_ns)
|
||||
return (from_kuid(mnt_ns, KUIDT_INIT(uid)));
|
||||
return (uid);
|
||||
}
|
||||
|
||||
static inline gid_t zfs_gid_from_mnt(struct user_namespace *mnt_ns, gid_t gid)
|
||||
{
|
||||
if (mnt_ns)
|
||||
return (from_kgid(mnt_ns, KGIDT_INIT(gid)));
|
||||
return (gid);
|
||||
}
|
||||
|
||||
extern void crhold(cred_t *cr);
|
||||
extern void crfree(cred_t *cr);
|
||||
extern uid_t crgetuid(const cred_t *cr);
|
||||
|
||||
@@ -54,4 +54,7 @@ typedef ulong_t pgcnt_t;
|
||||
typedef int major_t;
|
||||
typedef int minor_t;
|
||||
|
||||
struct user_namespace;
|
||||
typedef struct user_namespace zuserns_t;
|
||||
|
||||
#endif /* _SPL_TYPES_H */
|
||||
|
||||
@@ -47,13 +47,13 @@ int secpolicy_vnode_create_gid(const cred_t *);
|
||||
int secpolicy_vnode_remove(const cred_t *);
|
||||
int secpolicy_vnode_setdac(const cred_t *, uid_t);
|
||||
int secpolicy_vnode_setid_retain(struct znode *, const cred_t *, boolean_t);
|
||||
int secpolicy_vnode_setids_setgids(const cred_t *, gid_t);
|
||||
int secpolicy_vnode_setids_setgids(const cred_t *, gid_t, zuserns_t *);
|
||||
int secpolicy_zinject(const cred_t *);
|
||||
int secpolicy_zfs(const cred_t *);
|
||||
int secpolicy_zfs_proc(const cred_t *, proc_t *);
|
||||
void secpolicy_setid_clear(vattr_t *, cred_t *);
|
||||
int secpolicy_setid_setsticky_clear(struct inode *, vattr_t *,
|
||||
const vattr_t *, cred_t *);
|
||||
const vattr_t *, cred_t *, zuserns_t *);
|
||||
int secpolicy_xvattr(xvattr_t *, uid_t, cred_t *, mode_t);
|
||||
int secpolicy_vnode_setattr(cred_t *, struct inode *, struct vattr *,
|
||||
const struct vattr *, int, int (void *, int, cred_t *), void *);
|
||||
|
||||
@@ -45,22 +45,25 @@ extern int zfs_write_simple(znode_t *zp, const void *data, size_t len,
|
||||
extern int zfs_lookup(znode_t *dzp, char *nm, znode_t **zpp, int flags,
|
||||
cred_t *cr, int *direntflags, pathname_t *realpnp);
|
||||
extern int zfs_create(znode_t *dzp, char *name, vattr_t *vap, int excl,
|
||||
int mode, znode_t **zpp, cred_t *cr, int flag, vsecattr_t *vsecp);
|
||||
int mode, znode_t **zpp, cred_t *cr, int flag, vsecattr_t *vsecp,
|
||||
zuserns_t *mnt_ns);
|
||||
extern int zfs_tmpfile(struct inode *dip, vattr_t *vapzfs, int excl,
|
||||
int mode, struct inode **ipp, cred_t *cr, int flag, vsecattr_t *vsecp);
|
||||
int mode, struct inode **ipp, cred_t *cr, int flag, vsecattr_t *vsecp,
|
||||
zuserns_t *mnt_ns);
|
||||
extern int zfs_remove(znode_t *dzp, char *name, cred_t *cr, int flags);
|
||||
extern int zfs_mkdir(znode_t *dzp, char *dirname, vattr_t *vap,
|
||||
znode_t **zpp, cred_t *cr, int flags, vsecattr_t *vsecp);
|
||||
znode_t **zpp, cred_t *cr, int flags, vsecattr_t *vsecp, zuserns_t *mnt_ns);
|
||||
extern int zfs_rmdir(znode_t *dzp, char *name, znode_t *cwd,
|
||||
cred_t *cr, int flags);
|
||||
extern int zfs_readdir(struct inode *ip, zpl_dir_context_t *ctx, cred_t *cr);
|
||||
extern int zfs_getattr_fast(struct user_namespace *, struct inode *ip,
|
||||
struct kstat *sp);
|
||||
extern int zfs_setattr(znode_t *zp, vattr_t *vap, int flag, cred_t *cr);
|
||||
extern int zfs_setattr(znode_t *zp, vattr_t *vap, int flag, cred_t *cr,
|
||||
zuserns_t *mnt_ns);
|
||||
extern int zfs_rename(znode_t *sdzp, char *snm, znode_t *tdzp,
|
||||
char *tnm, cred_t *cr, int flags);
|
||||
char *tnm, cred_t *cr, int flags, zuserns_t *mnt_ns);
|
||||
extern int zfs_symlink(znode_t *dzp, char *name, vattr_t *vap,
|
||||
char *link, znode_t **zpp, cred_t *cr, int flags);
|
||||
char *link, znode_t **zpp, cred_t *cr, int flags, zuserns_t *mnt_ns);
|
||||
extern int zfs_readlink(struct inode *ip, zfs_uio_t *uio, cred_t *cr);
|
||||
extern int zfs_link(znode_t *tdzp, znode_t *szp,
|
||||
char *name, cred_t *cr, int flags);
|
||||
|
||||
@@ -39,7 +39,7 @@
|
||||
|
||||
/* zpl_inode.c */
|
||||
extern void zpl_vap_init(vattr_t *vap, struct inode *dir,
|
||||
umode_t mode, cred_t *cr);
|
||||
umode_t mode, cred_t *cr, zuserns_t *mnt_ns);
|
||||
|
||||
extern const struct inode_operations zpl_inode_operations;
|
||||
extern const struct inode_operations zpl_dir_inode_operations;
|
||||
|
||||
Reference in New Issue
Block a user