On Wed, Sep 13, 2023 at 05:07:27PM +0200, Ján Tomko wrote:
> On a Tuesday in 2023, Daniel P. Berrangé wrote:
> > On Tue, Sep 12, 2023 at 04:05:04PM +0200, Ján Tomko wrote:
> > > On a Monday in 2023, Daniel P. Berrangé wrote:
> > > > I would expect libvirt to "do the right thing" and automatically load
> > > > the /etc/subuid data for the current user and NOT require any extra
> > > > XML mapping to be set for unprivileged usage.
> > > >
> > >
> > > So, by default libvirt would assume that unprivileged
> > > accessmode='passthrough' means "use the whole range for my user
> > > from /etc/subuid"?
> > >
> > > Podman treats /etc/subuid as a pool and chooses a 64K range that is
> > > (to its knowledge) unused. I'm undecided whether that would also be
> > > a reasonable option for a default.
> >
> > I thought podman simply used the entry that is in /etc/subuid
> > as is:
>
> D'oh. Right. By default it uses --userns=host, which behaves as you
> describe.
>
> What I described is --userns=auto behavior, suggested in the bug
> discussion:
> https://bugzilla.redhat.com/show_bug.cgi?id=2034630#c8
What I'm also missing is understanding what component enforces that
you have grabbed a range that is actually present for your user
in /etc/subuid, as opposed to grabbing a range belonging to a
different user.

Something must enforce that, otherwise it is a total free-for-all
and /etc/subuid is largely pointless.

With regards,
Daniel
--
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|