Thread: 38 messages, 4 authors, 2020-02-17

Re: [PATCH v2 00/28] user_namespace: introduce fsid mappings

From: Christian Brauner <hidden>
Date: 2020-02-17 21:20:40
Also in: linux-api, linux-fsdevel, lkml

On Mon, Feb 17, 2020 at 01:06:08PM -0800, James Bottomley wrote:
> On Fri, 2020-02-14 at 19:35 +0100, Christian Brauner wrote:
> [...]
> > People not as familiar with user namespaces might not be aware that
> > fsid mappings already exist. Right now, fsid mappings are always
> > identical to id mappings. Specifically, the kernel will look up fsuids
> > in the uid mappings and fsgids in the gid mappings of the relevant
> > user namespace.
>
> This isn't actually entirely true: today we have the superblock user
> namespace, which can be used for fsid remapping on filesystems that
> support it (currently f2fs and fuse).  Since this is a single shift,

Note that this states "the relevant" user namespace not the caller's
user namespace. And the point is true even for such filesystems. fuse
does call make_kuid(fc->user_ns, attr->uid) and hence looks up the
mapping in the id mappings. This would be replaced by make_kfsuid().

> how is it going to play with s_user_ns?  Do you have to understand the
> superblock mapping to use this shift, or are we simply using this to
> replace s_user_ns?

I'm not sure what you mean by understand the superblock mapping. The
case is not different from the devpts patch in this series.
Fuse needs to be changed to call make_kfsuid() since it is mountable
inside user namespaces at which point everything just works.
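
The lookup discussed in this message, as an added user-space example (not code from the patch series or the kernel): a model of the extent walk that make_kuid() performs on a namespace's id mappings, next to the same walk on a separate fsid table. The names `model_userns`, `model_make_kuid`, `model_make_kfsuid` and the sample extents are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define INVALID_ID ((uint32_t)-1)

/* One uid_map-style line: ids [first, first+count) inside the namespace
 * correspond to [lower_first, lower_first+count) outside it. */
struct extent { uint32_t first, lower_first, count; };
struct id_map { size_t n; struct extent ext[4]; };

/* Model of the mapping lookup: namespace id -> kernel id. */
static uint32_t map_id_down(const struct id_map *m, uint32_t id)
{
    for (size_t i = 0; i < m->n; i++) {
        const struct extent *e = &m->ext[i];
        if (id >= e->first && id - e->first < e->count)
            return id - e->first + e->lower_first;
    }
    return INVALID_ID; /* unmapped: the caller must reject this id */
}

/* Hypothetical model of a user namespace carrying a separate fsid table. */
struct model_userns { struct id_map uid_map, fsuid_map; };

static uint32_t model_make_kuid(const struct model_userns *ns, uint32_t uid)
{
    return map_id_down(&ns->uid_map, uid);
}

static uint32_t model_make_kfsuid(const struct model_userns *ns, uint32_t fsuid)
{
    return map_id_down(&ns->fsuid_map, fsuid);
}

/* Constructed sample: fsid table identical to the id table. */
static const struct model_userns ns_same = {
    .uid_map   = { 1, { { 0, 100000, 65536 } } },
    .fsuid_map = { 1, { { 0, 100000, 65536 } } },
};
/* Constructed sample: filesystem ids shifted differently from process ids. */
static const struct model_userns ns_split = {
    .uid_map   = { 1, { { 0, 100000, 65536 } } },
    .fsuid_map = { 1, { { 0, 300000, 65536 } } },
};

int main(void)
{
    printf("uid 1000 -> %u, fsuid 1000 -> %u\n",
           (unsigned)model_make_kuid(&ns_split, 1000),
           (unsigned)model_make_kfsuid(&ns_split, 1000));
    return 0;
}
```

With identical tables both lookups agree; once the tables differ, a filesystem that still calls the uid lookup for on-disk ownership resolves a different kernel id than one using the fsid lookup.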