Commit
This adds a new mount option X-mount.idmap. This mount option can be used to create an idmapped mount. An idmapped mount allows changing the ownership of all files located under a mount according to the ID-mapping associated with a user namespace. The ownership change is tied to the lifetime and localized to the relevant mount. The relevant ID-mapping can be specified in two ways:

* A user can specify the ID-mapping directly.

  The ID-mapping must be specified using the syntax

      id-type:id-mount:id-host:id-range

  Specifying "u" as the id-type prefix creates a UID-mapping, "g" creates a GID-mapping and omitting id-type or specifying "b" creates both a UID- and GID-mapping.

  The id-mount parameter indicates the starting ID in the new mount. The id-host parameter indicates the starting ID in the filesystem. The id-range parameter indicates how many IDs are to be mapped. It is possible to specify multiple ID-mappings. The individual ID-mappings must be separated by spaces.

  For example, the ID-mapping

      X-mount.idmap=u:1000:0:1 g:1001:1:2 5000:1000:2

  creates an idmapped mount where UID 0 is mapped to UID 1000, GID 1 is mapped to GID 1001, GID 2 is mapped to GID 1002, UID and GID 1000 are mapped to 5000, and UID and GID 1001 are mapped to 5001 in the mount.

  When an ID-mapping is specified directly a new user namespace will be allocated with the requested ID-mapping. The newly created user namespace will be attached to the mount.

* A user can specify a user namespace file.

  The user namespace will then be attached to the mount and the ID-mapping of the user namespace will become the ID-mapping of the mount.

  For example, *X-mount.idmap=/proc/PID/ns/user* will attach the user namespace of the process PID to the mount.

Even more details about idmapped mounts can be found in the mount_setattr(2) manpage of the linux-manpage project.

[[email protected]: - port Christian's patch to the new libmount hooks API]

Signed-off-by: Christian Brauner (Microsoft) <[email protected]>
Signed-off-by: Karel Zak <[email protected]>
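
A parser for the direct ID-mapping syntax described in the commit message, useful for checking which on-disk owners an fstab entry will remap and to what; this is an added example, not code from the commit or from util-linux. The names `parse_idmap` and `to_mount_id` are hypothetical, and rejecting a zero range is an assumption of this example.

```python
from typing import NamedTuple, Optional

class IdMap(NamedTuple):
    kind: str      # "u" (UID-mapping) or "g" (GID-mapping)
    id_mount: int  # starting ID in the new mount
    id_host: int   # starting ID in the filesystem
    id_range: int  # how many IDs are mapped

def parse_idmap(value: str) -> list:
    """Parse the direct form: space-separated id-type:id-mount:id-host:id-range."""
    if value.startswith("/"):
        raise ValueError("user namespace file form, not a direct ID-mapping")
    maps = []
    for entry in value.split():
        fields = entry.split(":")
        if len(fields) == 3:  # id-type omitted: same as "b"
            fields.insert(0, "b")
        if len(fields) != 4 or fields[0] not in ("u", "g", "b"):
            raise ValueError(f"malformed ID-mapping: {entry!r}")
        if not all(f.isascii() and f.isdigit() for f in fields[1:]):
            raise ValueError(f"non-numeric ID in: {entry!r}")
        id_mount, id_host, id_range = map(int, fields[1:])
        if id_range == 0:  # assumption of this example: empty ranges are rejected
            raise ValueError(f"empty range in: {entry!r}")
        # "b" expands to one UID-mapping and one GID-mapping with the same numbers.
        for kind in ("ug" if fields[0] == "b" else fields[0]):
            maps.append(IdMap(kind, id_mount, id_host, id_range))
    return maps

def to_mount_id(maps, kind: str, host_id: int) -> Optional[int]:
    """ID shown in the mount for a file owned by host_id, or None if no mapping covers it."""
    for m in maps:
        if m.kind == kind and m.id_host <= host_id < m.id_host + m.id_range:
            return m.id_mount + (host_id - m.id_host)
    return None

if __name__ == "__main__":
    # The example value from the commit message.
    maps = parse_idmap("u:1000:0:1 g:1001:1:2 5000:1000:2")
    for kind, host_id in [("u", 0), ("g", 1), ("g", 2), ("u", 1000), ("g", 1001), ("u", 1)]:
        print(kind, host_id, "->", to_mount_id(maps, kind, host_id))
```

A `None` result marks an owner ID that the option leaves without a mapping, which is worth reviewing before the entry goes into fstab.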