Linux NFS (v4) user namespace file permissions

Question

I am trying to set up a rootless container setup using podman and am having a problem with file permissions on NFS (running NFSv4).

Within the user namespace, I am able to create files as root on any filesystem, and to change ownership on any local filesystem, but not on a NFS mounted filesystem. Outside of the user namespace, as real root, I am able to change ownership of the same file to either a real or mapped UID.

Using buildah unshare to enter the user namespace:

> cat /etc/subuid
bruce:1065536:65536

> date > /local/testfile
> buildah unshare chown 250:250 /local/testfile
> ls -l /local/testfile
-rw-rw-r-- 1 1065785 1065785 29 May  6 11:51 /local/testfile

> date > /nfs/testfile
> buildah unshare chown 250:250 /nfs/testfile
chown: changing ownership of '/nfs/testfile': Operation not permitted
ERRO[0000] exit status 1                                
ERRO[0000] exit status 1                                
> sudo chown 1065785:1065785 /nfs/testfile
Password: 
> ls -l /nfs/testfile
-rw-rw-r-- 1 1065785 1065785 29 May  6 11:51 /nfs/testfile

What might I be missing here?

The line in `/etc/fstab` is simply `server:/home /home nfs _netdev,fsc 0 0`. The mount line recorded in `/proc/mounts` are: `rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp6,timeo=600,retrans=2,sec=sys,clientaddr=fd12:3456::abcd,fsc,local_lock=none,addr=fd12:3456::2222` (IPs changed) — Bruce, May 07 '19 at 21:28

Linux NFS (v4) user namespace file permissions

0 Answers0