Review updates (to be squashed later)
Signed-off-by: Allan Jude <[email protected]>
allanjude committed Jul 30, 2021
1 parent d648cc0 commit 67e8fe3
Showing 6 changed files with 128 additions and 28 deletions.
8 changes: 4 additions & 4 deletions cmd/zfs/zfs_main.c
@@ -424,7 +424,7 @@ get_usage(zfs_help_t idx)
case HELP_WAIT:
return (gettext("\twait [-t <activity>] <filesystem>\n"));
case HELP_USERNS:
return (gettext("\tuserns <add|del> <nsnum> <filesystem>\n"));
return (gettext("\tuserns <attach|detach> <nsnum> <filesystem>\n"));
default:
__builtin_unreachable();
}
@@ -8739,7 +8739,7 @@ main(int argc, char **argv)
}

/*
* zfs userns add|del nsnum filesystem
* zfs userns attach|detach nsnum filesystem
*
* Add or delete the given dataset to/from the namespace.
*/
@@ -8761,9 +8761,9 @@ zfs_do_userns(int argc, char **argv)
usage(B_FALSE);
}

if (strcmp(argv[1], "add") == 0) {
if (strcmp(argv[1], "attach") == 0) {
attach = 1;
} else if (strcmp(argv[1], "del") == 0) {
} else if (strcmp(argv[1], "detach") == 0) {
attach = 0;
} else {
(void) fprintf(stderr, gettext("invalid subcommand\n"));
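Review bot: The block comment above zfs_do_userns still ends with `Add or delete the given dataset to/from the namespace.` although the subcommands are now attach and detach; it should read `Attach or detach the given dataset to/from the user namespace.`. The usage string in get_usage also calls the argument `<nsnum>` while the man page added in this commit names it `usernsid`, so one of the two should be changed to match. Both functions continue outside the visible hunks.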
12 changes: 4 additions & 8 deletions lib/libspl/os/linux/zone.c
@@ -38,31 +38,27 @@ getzoneid()
zoneid_t z = 0;
char path[PATH_MAX];
char buf[128] = { '\0' };
char *cp, *cp_end;
char *cp;
unsigned long n;
int c;
ssize_t r;

c = snprintf(path, sizeof (path), "/proc/%d/ns/user", getpid());
/* This API doesn't have any error checking... */
if ((size_t)c >= sizeof (path))
if (c < 0)
goto out;

r = readlink(path, buf, sizeof (buf) - 1);
if ((size_t)r >= sizeof (buf))
if (r < 0)
goto out;

cp = strchr(buf, '[');
if (cp == NULL)
goto out;
cp++;
cp_end = strchr(cp, ']');
if (cp_end == NULL)
goto out;

*cp_end = '\0';
n = strtoul(cp, NULL, 10);
if (errno == ERANGE)
if (n == ULONG_MAX && errno == ERANGE)
goto out;
z = (zoneid_t)n;

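Review bot: With the `cp_end` handling removed, the `strtoul(cp, NULL, 10)` call in getzoneid no longer verifies that any digits were parsed or that they are followed by `]`, and `errno` is not cleared before the call, so a malformed link target parses as 0. I would clear errno and pass an end pointer, `errno = 0; n = strtoul(cp, &end, 10);` followed by `if (end == cp || *end != ']' || errno == ERANGE) goto out;`. The new `if (c < 0)` test also no longer rejects a truncated path; keeping the size comparison alongside it covers both cases. Since `z` starts at 0, every failure path appears to report zone 0; the `out:` label and the return are outside the hunk, so it should be confirmed there that callers do not mistake that value for the global zone.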
102 changes: 102 additions & 0 deletions man/man8/zfs-userns.8
@@ -0,0 +1,102 @@
.\"
.\" CDDL HEADER START
.\"
.\" The contents of this file are subject to the terms of the
.\" Common Development and Distribution License (the "License").
.\" You may not use this file except in compliance with the License.
.\"
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
.\" or http://www.opensolaris.org/os/licensing.
.\" See the License for the specific language governing permissions
.\" and limitations under the License.
.\"
.\" When distributing Covered Code, include this CDDL HEADER in each
.\" file and include the License file at usr/src/OPENSOLARIS.LICENSE.
.\" If applicable, add the following below this CDDL HEADER, with the
.\" fields enclosed by brackets "[]" replaced with your own identifying
.\" information: Portions Copyright [yyyy] [name of copyright owner]
.\"
.\" CDDL HEADER END
.\"
.\" Copyright (c) 2009 Sun Microsystems, Inc. All Rights Reserved.
.\" Copyright 2011 Joshua M. Clulow <[email protected]>
.\" Copyright (c) 2011, 2019 by Delphix. All rights reserved.
.\" Copyright (c) 2011, Pawel Jakub Dawidek <[email protected]>
.\" Copyright (c) 2012, Glen Barber <[email protected]>
.\" Copyright (c) 2012, Bryan Drewery <[email protected]>
.\" Copyright (c) 2013, Steven Hartland <[email protected]>
.\" Copyright (c) 2013 by Saso Kiselkov. All rights reserved.
.\" Copyright (c) 2014, Joyent, Inc. All rights reserved.
.\" Copyright (c) 2014 by Adam Stevko. All rights reserved.
.\" Copyright (c) 2014 Integros [integros.com]
.\" Copyright (c) 2014, Xin LI <[email protected]>
.\" Copyright (c) 2014-2015, The FreeBSD Foundation, All Rights Reserved.
.\" Copyright (c) 2016 Nexenta Systems, Inc. All Rights Reserved.
.\" Copyright 2019 Richard Laager. All rights reserved.
.\" Copyright 2018 Nexenta Systems, Inc.
.\" Copyright 2019 Joyent, Inc.
.\" Copyright 2021 Klara, Inc.
.\"
.Dd July 29, 2021
.Dt ZFS-USERNS 8
.Os
.
.Sh NAME
.Nm zfs-userns
.Nd attach or detach ZFS filesystem from a user namespace
.Sh SYNOPSIS
.Nm zfs Cm userns attach
.Ar usernsid
.Ar filesystem
.Nm zfs Cm userns detach
.Ar usernsid
.Ar filesystem
.
.Sh DESCRIPTION
.Bl -tag -width ""
.It Xo
.Nm zfs
.Cm userns attach
.Ar usernsid
.Ar filesystem
.Xc
Attach the specified
.Ar filesystem
to the user namespace identified by
.Ar usernsid .
From now on this file system tree can be managed from within a user namespace if the
.Sy zoned
property has been set.
.Pp
You cannot attach a zoned dataset's children to another user namespace.
You can also not attach the root file system
of the user namespace or any dataset which needs to be mounted before the zfs service
is run inside the user namespace, as it would be attached unmounted until it is
mounted from the service inside the user namespace.
.Pp
To allow management of the dataset from within a user namespace, the
.Sy zoned
property has to be set and the user namespaces needs access to the
.Pa /dev/zfs
device.
The
.Sy quota
property cannot be changed from within a user namespace.
.Pp
After a dataset is attached to a user namespace and the
.Sy zoned
property is set, a zoned file system cannot be mounted outside the user namespace,
since the user namespace administrator might have set the mount point to an unacceptable value.
.It Xo
.Nm zfs
.Cm userns detach
.Ar usernsid
.Ar filesystem
.Xc
Detaches the specified
.Ar filesystem
from the user namespace identified by
.Ar usernsid .
.El
.Sh SEE ALSO
.Xr zfsprops 7
14 changes: 8 additions & 6 deletions module/os/linux/spl/spl-zone.c
@@ -98,12 +98,12 @@ zone_dataset_name_check(const char *dataset, size_t *dsnamelen)
int
zone_dataset_attach(cred_t *cred, const char *dataset, unsigned int nsnum)
{
#if defined(CONFIG_USER_NS)
zone_datasets_t *zds;
zone_dataset_t *zd;
int error;
size_t dsnamelen;

#if defined(CONFIG_USER_NS)
if ((error = zone_dataset_cred_check(cred)) != 0)
return (error);
if ((error = zone_dataset_name_check(dataset, &dsnamelen)) != 0)
@@ -117,11 +117,12 @@ zone_dataset_attach(cred_t *cred, const char *dataset, unsigned int nsnum)
INIT_LIST_HEAD(&zds->zds_datasets);
zds->zds_nsnum = nsnum;
list_add_tail(&zds->zds_list, &zone_datasets);
}
zd = zone_dataset_lookup(zds, dataset, dsnamelen);
if (zd != NULL) {
error = EEXIST;
goto done;
} else {
zd = zone_dataset_lookup(zds, dataset, dsnamelen);
if (zd != NULL) {
error = EEXIST;
goto done;
}
}

zd = kmem_alloc(sizeof (zone_dataset_t) + dsnamelen + 1, KM_SLEEP);
@@ -322,4 +323,5 @@ spl_zone_fini(void)
list_del(&zds->zds_list);
kmem_free(zds, sizeof (*zds));
}
mutex_destroy(&zone_datasets_lock);
}
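Review bot: `zds->zds_nsnum = nsnum` in zone_dataset_attach records the delegation under a caller-supplied number, and nothing in the visible hunks checks that the number names a live user namespace or removes the entry when that namespace goes away. If the kernel can hand the same namespace number to a later namespace (not shown here, needs confirming), that namespace would inherit the attached datasets. At minimum I would document this above the assignment, e.g. `/* nsnum is not tied to a live namespace; the entry persists until detach or module unload */`, and consider holding a reference to the namespace instead of a bare number. The body of zone_dataset_attach continues outside the hunk.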
8 changes: 4 additions & 4 deletions module/os/linux/zfs/zfs_ioctl_os.c
@@ -149,7 +149,7 @@ zfsdev_ioctl(struct file *filp, unsigned cmd, unsigned long arg)
}

static int
zfs_ioc_userns_add(zfs_cmd_t *zc)
zfs_ioc_userns_attach(zfs_cmd_t *zc)
{

if (zc->zc_cookie != 0)
@@ -160,7 +160,7 @@ zfs_ioc_userns_add(zfs_cmd_t *zc)
}

static int
zfs_ioc_userns_del(zfs_cmd_t *zc)
zfs_ioc_userns_detach(zfs_cmd_t *zc)
{

if (zc->zc_cookie != 0)
@@ -188,9 +188,9 @@ zfs_ioctl_update_mount_cache(const char *dsname)
void
zfs_ioctl_init_os(void)
{
zfs_ioctl_register_dataset_nolog(ZFS_IOC_JAIL, zfs_ioc_userns_add,
zfs_ioctl_register_dataset_nolog(ZFS_IOC_JAIL, zfs_ioc_userns_attach,
zfs_secpolicy_config, POOL_CHECK_NONE);
zfs_ioctl_register_dataset_nolog(ZFS_IOC_UNJAIL, zfs_ioc_userns_del,
zfs_ioctl_register_dataset_nolog(ZFS_IOC_UNJAIL, zfs_ioc_userns_detach,
zfs_secpolicy_config, POOL_CHECK_NONE);
}

@@ -33,14 +33,14 @@
# 4. Check that the filesystems can be mounted inside the delegation,
# and that file permissions are appropriate.
# 5. Check that 'zfs destroy' is able to destroy only inside the delegation.
# 6. Check that 'zfs userns del' has a desirable effect.
# 6. Check that 'zfs userns detach' has a desirable effect.
#

verify_runnable "both"

user_ns_cleanup() {
if [ -n "$ns_added" ]; then
log_must zfs userns del $ns_added $TESTPOOL/userns
log_must zfs userns detach $ns_added $TESTPOOL/userns
fi
if [ -n "$unshared_pid" ]; then
log_must kill -9 $unshared_pid
@@ -75,10 +75,10 @@ fi

NSENTER="nsenter -t $unshared_pid --all"

# 1b. Pre-test by checking that 'userns add' does something new.
# 1b. Pre-test by checking that 'userns attach' does something new.
list="$($NSENTER zfs list -r -H -o name | tr '\n' ' ')"
log_must test -z "$list"
log_must zfs userns add $ns $TESTPOOL/userns
log_must zfs userns attach $ns $TESTPOOL/userns
ns_added="$ns"

# 2. 'zfs list'
@@ -100,8 +100,8 @@ log_must test "${uidgid}" = "0 0"
log_must $NSENTER zfs destroy $TESTPOOL/userns/created
log_mustnot $NSENTER zfs destroy $TESTPOOL/user

# 6. 'zfs userns del' should have an effect
log_must zfs userns del $ns $TESTPOOL/userns
# 6. 'zfs userns detach' should have an effect
log_must zfs userns detach $ns $TESTPOOL/userns
ns_added=""
list="$($NSENTER zfs list -r -H -o name | tr '\n' ' ')"
log_must test -z "$list"