nfsd: add export option root_uid
We're exporting ZFS datasets with uidmap/gidmap set. When these exports are mounted and passed on to containers with the respective user namespace mapping, the container's root user is not recognized and is treated as a common unprivileged user. So he cannot access and manipulate files which he does not have explicit permission on.

This patch introduces a new export option root_uid. It can be used to specify which user should be recognized as root, in addition to the global root.

Mapping of user/group IDs could also be done on the client side, based on which user namespace the mount belongs to. AFAIK, that wouldn't help us because we're mounting the shares on the host and then just bind mount them to containers. In addition, NFS mounts from user namespace AFAIK don't work as of yet. See https://patchwork.kernel.org/patch/10534963/
Showing with 20 additions and 1 deletion.