From: "Daniel Kral"
To: "Maximiliano Sandoval", "Filip Schauer"
CC: pve-devel@lists.proxmox.com
Subject: Re: [PATCH container 7/8] implement per-mountpoint uid/gid mapping
Date: Fri, 27 Feb 2026 16:01:52 +0100
References: <20260223130706.90972-1-f.schauer@proxmox.com> <20260223130706.90972-8-f.schauer@proxmox.com>
List-Id: Proxmox VE development discussion

On Fri Feb 27, 2026 at 3:39 PM CET, Maximiliano Sandoval wrote:
> Filip Schauer writes:
>> diff --git a/src/PVE/LXC/Config.pm b/src/PVE/LXC/Config.pm >> index 5442586..9f56bc7 100644 >> --- a/src/PVE/LXC/Config.pm >> +++ b/src/PVE/LXC/Config.pm
>> @@ -369,6 +369,13 @@ my $rootfs_desc =3D { >> format_description =3D> 'opt[;opt...]', >> pattern =3D> qr/$valid_mount_option_re(;$valid_mount_option_re)= */, >> }, >> + idmap =3D> { >> + optional =3D> 1, >> + type =3D> 'string', >> + description =3D> 'Map specific UIDs/GIDs to specific host >> UIDs/GIDs for this mount point',
>
>
> I think this would benefit from a verbose_description, it is not clear
> to me whether the syntax 123:456:1 maps 123 from the root to 456 on the
> container or the other way around. Perhaps an explicit example would be
> helpful.

+1, especially that each field's purpose is clarified once more there as the user/group id mappings can be confusing at first for users.

>
>> + format_description =3D> 'id-type:id-mount:id-host:id-range id-t= ype:id-mount:...',

nit: id-range-size might be a bit clearer that it specifies a single integer, which is the size of the id map range.

I guess the string could also be abbreviated to ::: if it's clear to the user that all of these refer to the user/group ids for an idmap. Might also make sense to make it more apparent that that string can be repeated:

format_description => ':::{ :::}*',

On another note, do we have other properties where we use space as a separator? It makes sense here as it's used like that in the underlying API but might make our API inconsistent, but might be a bit pedantic from my side.

>> + pattern =3D> qr/^(?:[ug]:[0-9]+:[0-9]+:[1-9][0-9]*)(?: [ug]:[0-= 9]+:[0-9]+:[1-9][0-9]*)*$/, >> + }, >> ro =3D> { >> type =3D> 'boolean', >> description =3D> 'Read-only mount point',
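
Review bot: The `pattern` on the new `idmap` property validates only the shape of each entry: `[0-9]+` for id-mount and id-host accepts leading zeros and numbers of any length, so values beyond the uid/gid range pass, and nothing visible in this hunk rejects two entries of the same `u`/`g` type with overlapping ranges or an entry whose start plus range size overflows. If that is not checked elsewhere in the series, a semantic check where the property is parsed (bounds per field, start plus size, overlap per id type) would reject such entries when the config is written rather than leaving them to whatever consumes the value. The `description` also does not say which side each number refers to; naming the fields there in the same order as `format_description` would settle the direction question raised above.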