Package Details: shiftfs-dkms 20220704-1

Git Clone URL: https://aur.archlinux.org/shiftfs-dkms.git (read-only)
Package Base: shiftfs-dkms
Description: Linux kernel module that provides a kernel filesystem for uid/gid shifting; dkms version for 5.18.x and 5.19.x kernels
Upstream URL: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/kinetic/log/fs/shiftfs.c?h=lowlatency-next
Keywords: lxd
Licenses: GPL2
Conflicts: shiftfs-dkms
Provides: shiftfs-dkms
Submitter: G3ro
Maintainer: None
Last Packager: G3ro
Votes: 1
Popularity: 0.000000
First Submitted: 2020-09-29 19:53 (UTC)
Last Updated: 2022-07-18 21:04 (UTC)

Dependencies (1)

Required by (0)

Sources (3)

Pinned Comments

G3ro commented on 2021-07-25 19:23 (UTC) (edited on 2022-07-18 21:10 (UTC) by G3ro)

Notes:

  • This version is for kernel versions 5.18.x and 5.19.x. 5.19.x is untested for now though.

  • shiftfs shouldn’t be mounted on top of idmapped mounts and vice versa (see: comment by developer)

For kernel version 5.15.x, see shiftfs-lts-dkms instead.

G3ro commented on 2020-09-29 20:07 (UTC) (edited on 2022-07-18 21:10 (UTC) by G3ro)

Details: shiftfs is a kernel filesystem for uid/gid-shifting.
It is used by LXD for example.

Note: The successor to shiftfs is available, see https://github.com/toby63/shiftfs-dkms#about for more information.

You can find more details (including limitations etc.) in the official LXD forum:
https://discuss.linuxcontainers.org/t/trying-out-shiftfs/5155
https://discuss.linuxcontainers.org/t/lxd-usecases-of-shiftfs-volume-disk-share/7735
and in my GitHub repo: https://github.com/toby63/shiftfs-dkms

Report on the initial implementation in the Ubuntu Kernel repo:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1823186


Usage in LXD:

If you use the LXD package from the Arch Repos, shiftfs will be enabled by default.
You can check whether it is enabled with "lxc info" (look for: shiftfs: "true").

Latest Comments


G3ro commented on 2021-04-17 14:33 (UTC) (edited on 2021-04-17 14:34 (UTC) by G3ro)

@gamezelda: Yes that is a known limitation. I didn't add a note here, because:

  1. It's a very special use case.
  2. It is included in the top of the LXD forum post that I link to directly, so it's like reading the manual first (if you know what I mean).

Still, I will clarify the original comment a bit.

For those interested in using overlayfs on top of shiftfs inside your container: It is also likely possible to put a patched version of the overlayfs-module into a dkms-package, so you don't have to rebuild the whole kernel.


Regarding the -git suffix: The situation here is not so easy. Essentially I use a specific file as a source, not the whole git repo. There are methods such as git-sparse-checkout etc., but:

  1. It's experimental.
  2. I don't know (haven't tested) whether it works with makepkg (I doubt it for now).

This leads to the situation that:

  1. I can't link to a specific commit (for stable version approach)
  2. The user will not be notified about updates (that are checked via the commit id) (for git approach).

Maybe this information is wrong and maybe there is a solution I don't know.

Assuming that it is correct, one could still argue that I should name it "shiftfs-dkms-git" etc. anyway; I will think about that some more.

gamezelda commented on 2021-04-16 22:21 (UTC) (edited on 2021-04-16 22:24 (UTC) by gamezelda)

A warning that may save someone a lot of time:

In addition to this kernel module, Ubuntu also has an additional patch outside the module that fixes mounting an overlayfs on top of a shiftfs, "UBUNTU: SAUCE: overlayfs: allow with shiftfs as underlay": https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/hirsute/commit/?h=master-next&id=d6c123354a5f2b3d2fb7d11bf50ebf58dd511303 (Remember to replace/define SHIFTFS_MAGIC on the patch with the value in this package's Makefile!)

If you don't apply this patch on your kernel, it will allow you to do the mount, but then it will crash (kernel panic) when you try to read a file on the shiftfs from the overlayfs. As a note, I doubt many of you are using Arch to run production workloads, but on the latest Linux kernels an unprivileged user can mount an overlayfs, so this can probably be used as a DoS vector (I haven't actually tested it).

This code will trigger a crash if you don't have the patch:

sudo modprobe shiftfs
mkdir -p "/tmp/cme" "/tmp/cme2"
echo "hello" > "/tmp/cme/x"

sudo mount -t shiftfs -o mark "/tmp/cme" "/tmp/cme"
mkdir -p /tmp/{upper,work}
sudo mount -t overlay -o lowerdir="/tmp/cme",upperdir=/tmp/upper,workdir=/tmp/work none "/tmp/cme2"

echo "CRASHING NOW"
cat "/tmp/cme2/x"

PS: BTW, this package and shiftfs should either be pinned to a specific commit, or suffixed with '-git'.
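
A check for the layout described in the comment above (an overlayfs whose layer directory sits on a shiftfs mount), as an added example that is not part of the original comments or of the package: it parses a mountinfo table and reports such overlay mounts. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: list overlay mounts whose layers sit on a shiftfs mount.
# Usage: find_overlay_on_shiftfs [MOUNTINFO_FILE]  (default: /proc/self/mountinfo)
# Output, one line per finding: <overlay mountpoint> <layer dir> <shiftfs mountpoint>
find_overlay_on_shiftfs() {
    awk '
    # Index of the "-" separator; fstype is the next field, super options two later.
    function sep(   i) { for (i = 7; i <= NF; i++) if ($i == "-") return i; return 0 }
    # True when dir equals mnt or lies below it.
    function under(dir, mnt) {
        return dir == mnt || mnt == "/" || index(dir, mnt "/") == 1
    }
    NR == FNR {                       # pass 1: collect shiftfs mount points
        s = sep(); if (s && $(s + 1) == "shiftfs") shift[$5] = 1
        next
    }
    {                                 # pass 2: inspect overlay layer options
        s = sep(); if (!s || $(s + 1) != "overlay") next
        n = split($(s + 3), opt, ",")
        for (i = 1; i <= n; i++) {
            if (opt[i] !~ /^(lowerdir|upperdir|workdir)=/) continue
            val = opt[i]; sub(/^[a-z]+=/, "", val)
            m = split(val, layer, ":")        # lowerdir may list several layers
            for (j = 1; j <= m; j++)
                for (mnt in shift)
                    if (under(layer[j], mnt)) print $5, layer[j], mnt
        }
    }' "${1:-/proc/self/mountinfo}" "${1:-/proc/self/mountinfo}"
}

# Constructed sample table mirroring the mounts from the comment above,
# plus one unrelated overlay that must not be reported.
sample_mountinfo() {
    cat <<'EOF'
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
95 22 0:51 / /tmp/cme rw,relatime shared:60 - shiftfs /tmp/cme rw,mark
96 22 0:52 / /tmp/cme2 rw,relatime shared:61 - overlay none rw,lowerdir=/tmp/cme,upperdir=/tmp/upper,workdir=/tmp/work
97 22 0:53 / /var/lib/demo rw,relatime - overlay overlay rw,lowerdir=/srv/a:/srv/b,upperdir=/srv/up,workdir=/srv/wk
EOF
}
```

Calling `find_overlay_on_shiftfs` with no argument inspects the running system; any output line is an overlay mount to review on a kernel without the overlayfs patch mentioned above.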
