On Tue, Jan 10, 2017 at 3:46 PM, Vivek Goyal <vgo...@redhat.com> wrote: > On Tue, Jan 10, 2017 at 02:26:48PM +0300, Konstantin Khlebnikov wrote: >> If overlay was mounted by root then quota set for upper layer does not work >> because overlay now always use mounter's credentials for operations. >> >> This patch adds second copy of credentials without CAP_SYS_RESOURCE and >> use it if current task doesn't have this capability in mounter's user-ns. >> This affects creation new files, whiteouts, and copy-up operations. >> >> Now quota limits are ignored only if both mounter and current task have >> capability CAP_SYS_RESOURCE in root user namespace. > > This makes sense to me. I too would like quota to take effect for > containers on overlay.
At first sight I hated this patch. It breaks the nice concept that underlying filesystems are just storage for the overlay and don't care about caller's privileges (as a block device wouldn't care about caller's privileges when allocating space). However I don't see a good way around this, so... Looks like this also has effect on reserving space in ext4, not sure what that entails. Thanks, Miklos
