Idmapped-mounts

On most Linux filesystems ownership is expressed in the form of user identifiers (uid) and group identifiers (gid). The only way to alter ownership of a filesystem object is to use a system call from the chown* family to specify a new uid and gid. Changing ownership in this way is a system-wide and permanent operation.

But various use-cases exist that require an API which allows changing ownership of filesystem objects in a localized and temporary way. This API is available in Linux in the form of idmapped mounts. Idmapped mounts allow ownership changes which are restricted to and bound to the lifetime of a mount.
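To make the "localized" part concrete, here is an added C model (not from the talk, and not kernel code) of how a file's owner is translated when it is looked up through an idmapped mount: the on-disk uid stays as it is, and the translation exists only while the mount does. The host uid, the container's user namespace and the mount idmapping are constructed values; the helper names map_id_down/map_id_up are borrowed from the kernel only as labels for the same arithmetic.

```c
/* Added example, not from the talk: a userspace model of the uid translation
 * the kernel does when an inode is looked up through an idmapped mount. The
 * on-disk uid is never rewritten; the mapping lives in the mount and vanishes
 * with it. (A real idmapped mount is built with open_tree(), mount_setattr()
 * with MOUNT_ATTR_IDMAP and a user namespace fd, and move_mount().) */
#include <stdint.h>
#include <sys/types.h>

#define ID_INVALID ((uid_t)-1)   /* shown by the kernel as the overflow id (nobody) */
/* one uid_map line: "first lower_first count" (id inside the ns -> id in parent) */
struct extent { uid_t first, lower_first, count; };
struct idmap { const struct extent *ext; size_t n; };

/* Constructed scenario: host directory owned by uid 1000; container user
 * namespace "0 100000 65536"; mount idmapping "1000 100000 1" makes on-disk
 * uid 1000 appear as kernel uid 100000, which is root inside the container. */
static const struct extent container_ext[] = {{ 0, 100000, 65536 }};
static const struct extent mount_ext[]     = {{ 1000, 100000, 1 }};
static const struct extent init_ext[]      = {{ 0, 0, UINT32_MAX }};
const struct idmap container_ns = { container_ext, 1 };
const struct idmap mount_map    = { mount_ext, 1 };
const struct idmap init_ns      = { init_ext, 1 };   /* host (initial) namespace */

/* id inside the namespace -> id in its parent, like the kernel's map_id_down() */
static uid_t map_id_down(const struct idmap *m, uid_t id)
{
    for (size_t i = 0; i < m->n; i++)
        if (id >= m->ext[i].first && id - m->ext[i].first < m->ext[i].count)
            return m->ext[i].lower_first + (id - m->ext[i].first);
    return ID_INVALID;
}

/* id in the parent -> id inside the namespace, like the kernel's map_id_up() */
static uid_t map_id_up(const struct idmap *m, uid_t id)
{
    for (size_t i = 0; i < m->n; i++)
        if (id >= m->ext[i].lower_first && id - m->ext[i].lower_first < m->ext[i].count)
            return m->ext[i].first + (id - m->ext[i].lower_first);
    return ID_INVALID;
}

/* Owner of an inode with on-disk uid `disk_uid` as seen by a task in `caller`
 * through a mount idmapped with `mnt` (NULL = plain mount). The filesystem uses
 * the initial idmapping here, so its on-disk uid is already a kernel uid. */
uid_t owner_seen_by(uid_t disk_uid, const struct idmap *mnt, const struct idmap *caller)
{
    uid_t kuid = disk_uid;
    if (mnt && (kuid = map_id_down(mnt, disk_uid)) == ID_INVALID)
        return ID_INVALID;          /* outside the mount's mapping: unmapped */
    return map_id_up(caller, kuid); /* then into the caller's user namespace */
}
```

Through the idmapped mount the container sees the host's uid 1000 as root, while a plain bind mount of the same directory shows it as the overflow id; uids the mount mapping does not cover also come out as the overflow id.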

This talk will introduce the various use-cases that exist, give a detailed explanation and demo of how idmapped mounts work, and touch on some outstanding problems that still need to be solved.

Christian Brauner