lukts30
For my workflow it would be nice to have a command line option for such a feature. I track my documents in a private GitHub repo and use GitHub Actions to...
> Would it be better if this were in fact part of the main binary, or should it be a separate one?

Both should work fine. Preferably separate since then some...
Wouldn't it be more straightforward to use the `max_user_namespaces` sysctl? If the user namespace is a child of the initial user namespace you could of course bump the max_user_namespaces value...
Note that this would also block exploiting vulnerabilities like CVE-2022-34918 without relying on some form of syscall filtering. This prevents processes inside the "sandbox" from utilizing exploitable kernel code that...
The interaction of the feature with #12263 should be checked carefully. I think ZFS would end up being the first filesystem that supports both `FS_USERNS_MOUNT` and `FS_ALLOW_IDMAP`. Upstream Linux...
>Thanks for the feedback. You are right, I verified that idmapped mount is not allowed in user namespace on Ubuntu 22.04 (which runs kernel 5.15.0), but there is nothing we...
Creating device nodes is still a privileged operation and a known limitation of containers not running in the initial user namespace. Looking at xfstest source code it looks like it...
> So, I tried a first pass at wiring up the Linux copy/clone range calls, and found a problem.
>
> You see, Linux has a hardcoded check in the...
> My thinking was that if we can know the source dataset, target dataset, and the file/inode being copied or moved, then this should still be enough for ZFS to...
Kernel 5.19 has changed the behavior of `copy_file_range` again and mostly restored the old 5.3 behavior. This change will/is be(ing) backported to older stable kernels.
- https://github.com/torvalds/linux/commit/868f9f2f8e004bfe0d3935b1976f625b2924893b
- https://lore.kernel.org/regressions/CAOQ4uxgya2-H9=qNZkRBO1exr=GRqyn=PFfGgAf0Px0VkH4bjQ@mail.gmail.com/
-...