author | Will Andrews <[email protected]> | 2021-02-21 10:19:43 -0600 |
---|---|---|
committer | Brian Behlendorf <[email protected]> | 2022-06-10 09:51:46 -0700 |
commit | 4ed5e25074ffec266df38556d9b3a928c5e0dee9 (patch) | |
tree | 930f2397ca27e885ca33c05728802d7f19021f08 /include/libzfs.h | |
parent | a1aa8f14c864b6851649f9c3e74e9f12e6518edd (diff) |
Add Linux namespace delegation support
This allows ZFS datasets to be delegated to a user/mount namespace
Within that namespace, only the delegated datasets are visible
Works very similarly to Zones/Jails on other ZFS OSes
As a user:
```
$ unshare -Um
$ zfs list
no datasets available
$ echo $$
1234
```
As root:
```
# zfs list
NAME ZONED MOUNTPOINT
containers off /containers
containers/host off /containers/host
containers/host/child off /containers/host/child
containers/host/child/gchild off /containers/host/child/gchild
containers/unpriv on /unpriv
containers/unpriv/child on /unpriv/child
containers/unpriv/child/gchild on /unpriv/child/gchild
# zfs zone /proc/1234/ns/user containers/unpriv
```
Back to the user namespace:
```
$ zfs list
NAME USED AVAIL REFER MOUNTPOINT
containers 129M 47.8G 24K /containers
containers/unpriv 128M 47.8G 24K /unpriv
containers/unpriv/child 128M 47.8G 128M /unpriv/child
```
Reviewed-by: Brian Behlendorf <[email protected]>
Signed-off-by: Will Andrews <[email protected]>
Signed-off-by: Allan Jude <[email protected]>
Signed-off-by: Mateusz Piotrowski <[email protected]>
Co-authored-by: Allan Jude <[email protected]>
Co-authored-by: Mateusz Piotrowski <[email protected]>
Sponsored-by: Buddy <https://buddy.works>
Closes #12263
Diffstat (limited to 'include/libzfs.h')
-rw-r--r-- | include/libzfs.h | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/include/libzfs.h b/include/libzfs.h
index 2c2aa3faf..fe420de4d 100644
--- a/include/libzfs.h
+++ b/include/libzfs.h
@@ -150,6 +150,7 @@ typedef enum zfs_error {
 EZFS_EXPORT_IN_PROGRESS, /* currently exporting the pool */
 EZFS_REBUILDING, /* resilvering (sequential reconstrution) */
 EZFS_VDEV_NOTSUP, /* ops not supported for this type of vdev */
+ EZFS_NOT_USER_NAMESPACE, /* a file is not a user namespace */
 EZFS_UNKNOWN
 } zfs_error_t;
@@ -979,6 +980,15 @@ _LIBZFS_H int zpool_nextboot(libzfs_handle_t *, uint64_t, uint64_t,
 #endif /* __FreeBSD__ */
+#ifdef __linux__
+
+/*
+ * Add or delete the given filesystem to/from the given user namespace.
+ */
+_LIBZFS_H int zfs_userns(zfs_handle_t *zhp, const char *nspath, int attach);
+
+#endif
+
 #ifdef __cplusplus
 }
 #endif |
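Review bot: The comment on the new `EZFS_NOT_USER_NAMESPACE` enumerator, "a file is not a user namespace", does not say which file, so someone mapping the code to a message cannot tell what was checked. Something like `/* supplied path does not refer to a user namespace */` would tie it to the argument that was rejected. The enum starts outside this hunk, so whether the enumerators have explicit values is not visible. If they are implicit, inserting before `EZFS_UNKNOWN` changes that constant's value for consumers built against the older header, which may be worth a line in the release notes.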
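Review bot: The one-line comment above `zfs_userns()` leaves out the contract a caller needs for a call that hands dataset visibility to another namespace. It should say that `nspath` is a path to a user-namespace file (the commit message uses `/proc/<pid>/ns/user`), that a non-zero `attach` adds and zero removes (presumably, confirm against the implementation), and that failure is reported as non-zero, with `EZFS_NOT_USER_NAMESPACE` when the path is not a user namespace. The comment should also warn that a PID-derived path can refer to a different process if the original exits and its PID is reused before the library opens it, so callers should keep the target process or its namespace file pinned. The implementation is not part of this view, so whether it already guards against that cannot be confirmed here. As a style point, `attach` is used as a flag, and `boolean_t attach` would match the rest of this header.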