[PATCH 1/2] erofs-utils: mkfs: improvement for unprivileged container support

Sun Aug 14 16:21:33 AEST 2022

On Sun, Aug 14, 2022 at 11:29:14AM +0900, Naoto Yamaguchi wrote:
> When developer want to use erofs at guest container rootfs, it require
> to uid/gid offsetting for each files.
> This patch add uid/gid offsetting feature to mkfs.erofs.
> 
> Example of how to use uid/gid offset:
>  In case of lxc guest image.
> 
>  Image creation:
>      mkafs.erofs --uid-offset=100000 --gid-offset=100000 file dir
> 
>  Set lxc config:
>      lxc.idmap = u 0 100000 65536
>      lxc.idmap = g 0 100000 65536
> 
> Signed-off-by: Naoto Yamaguchi <naoto.yamaguchi at aisin.co.jp>
> ---
>  include/erofs/config.h |  1 +
>  lib/inode.c            |  2 ++
>  mkfs/main.c            | 18 ++++++++++++++++++
>  3 files changed, 21 insertions(+)
> 
> diff --git a/include/erofs/config.h b/include/erofs/config.h
> index 0d0916c..19b7a67 100644
> --- a/include/erofs/config.h
> +++ b/include/erofs/config.h
> @@ -67,6 +67,7 @@ struct erofs_configure {
>  	u32 c_dict_size;
>  	u64 c_unix_timestamp;
>  	u32 c_uid, c_gid;
> +	u32 c_uid_offset, c_gid_offset;
>  #ifdef WITH_ANDROID
>  	char *mount_point;
>  	char *target_out_path;
> diff --git a/lib/inode.c b/lib/inode.c
> index f192510..cc72c01 100644
> --- a/lib/inode.c
> +++ b/lib/inode.c
> @@ -836,6 +836,8 @@ static int erofs_fill_inode(struct erofs_inode *inode,
>  	inode->i_mode = st->st_mode;
>  	inode->i_uid = cfg.c_uid == -1 ? st->st_uid : cfg.c_uid;
>  	inode->i_gid = cfg.c_gid == -1 ? st->st_gid : cfg.c_gid;
> +	inode->i_uid += cfg.c_uid_offset;
> +	inode->i_gid += cfg.c_gid_offset;
>  	inode->i_mtime = st->st_mtime;
>  	inode->i_mtime_nsec = ST_MTIM_NSEC(st);
>  
> diff --git a/mkfs/main.c b/mkfs/main.c
> index d2c9830..819b1f0 100644
> --- a/mkfs/main.c
> +++ b/mkfs/main.c
> @@ -51,6 +51,8 @@ static struct option long_options[] = {
>  	{"blobdev", required_argument, NULL, 13},
>  	{"ignore-mtime", no_argument, NULL, 14},
>  	{"preserve-mtime", no_argument, NULL, 15},
> +	{"uid-offset", required_argument, NULL, 16},
> +	{"gid-offset", required_argument, NULL, 17},
>  #ifdef WITH_ANDROID
>  	{"mount-point", required_argument, NULL, 512},
>  	{"product-out", required_argument, NULL, 513},
> @@ -97,6 +99,8 @@ static void usage(void)
>  #endif
>  	      " --force-uid=#         set all file uids to # (# = UID)\n"
>  	      " --force-gid=#         set all file gids to # (# = GID)\n"
> +	      " --uid-offset=#        add offset # to all file uids (# = id offset)\n"
> +	      " --gid-offset=#        add offset # to all file gids (# = id offset)\n"

I will update this here to follow alphabet order as well.

Thanks,
Gao Xiang

>  	      " --help                display this help and exit\n"
>  	      " --ignore-mtime        use build time instead of strict per-file modification time\n"
>  	      " --max-extent-bytes=#  set maximum decompressed extent size # in bytes\n"
> @@ -323,6 +327,20 @@ static int mkfs_parse_options_cfg(int argc, char *argv[])
>  		case 10:
>  			cfg.c_compress_hints_file = optarg;
>  			break;
> +		case 16:
> +			cfg.c_uid_offset = strtoul(optarg, &endptr, 0);
> +			if (cfg.c_uid_offset == -1 || *endptr != '\0') {
> +				erofs_err("invalid uid offset %s", optarg);
> +				return -EINVAL;
> +			}
> +			break;
> +		case 17:
> +			cfg.c_gid_offset = strtoul(optarg, &endptr, 0);
> +			if (cfg.c_gid_offset == -1 || *endptr != '\0') {
> +				erofs_err("invalid gid offset %s", optarg);
> +				return -EINVAL;
> +			}
> +			break;
>  #ifdef WITH_ANDROID
>  		case 512:
>  			cfg.mount_point = optarg;
> -- 
> 2.25.1
> 