Skip to content

Commit

Permalink
config: add reference to mount_setattr(2) for idmapped mounts
Browse files Browse the repository at this point in the history 
The idmapped mounts sections do not make any reference to how the
mapping should be implemented. Add a reference to MOUNT_ATTR_IDMAP since
that is what runtimes are expected to use.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
  • Loading branch information
@cyphar
cyphar committed Aug 22, 2023
1 parent 2ac0e64 commit ce442ac
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions config.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -180,10 +180,12 @@ For POSIX platforms the `mounts` structure has the following fields:
* Linux: filesystem types supported by the kernel as listed in */proc/filesystems* (e.g., "minix", "ext2", "ext3", "jfs", "xfs", "reiserfs", "msdos", "proc", "nfs", "iso9660"). For bind mounts (when `options` include either `bind` or `rbind`), the type is a dummy, often "none" (not listed in */proc/filesystems*).
* Solaris: corresponds to "type" of the fs resource in [zonecfg(1M)][zonecfg.1m].
* **`uidMappings`** (array of type LinuxIDMapping, OPTIONAL) The mapping to convert UIDs from the source file system to the destination mount point.
This SHOULD be implemented using [`mount_setattr(MOUNT_ATTR_IDMAP)`][mount_setattr.2], available since Linux 5.12.
If specified, the `options` field of the `mounts` structure SHOULD contain either `idmap` or `ridmap` to specify whether the mapping should be applied recursively for `rbind` mounts, as well as to ensure that older runtimes will not silently ignore this field.
The format is the same as [user namespace mappings](config-linux.md#user-namespace-mappings).
If specified, it MUST be specified along with `gidMappings`.
* **`gidMappings`** (array of type LinuxIDMapping, OPTIONAL) The mapping to convert GIDs from the source file system to the destination mount point.
This SHOULD be implemented using [`mount_setattr(MOUNT_ATTR_IDMAP)`][mount_setattr.2], available since Linux 5.12.
If specified, the `options` field of the `mounts` structure SHOULD contain either `idmap` or `ridmap` to specify whether the mapping should be applied recursively for `rbind` mounts, as well as to ensure that older runtimes will not silently ignore this field.
For more details see `uidMappings`.
If specified, it MUST be specified along with `uidMappings`.
Expand Down

0 comments on commit ce442ac

Please sign in to comment.