[libvirt] [PATCH v3 00/12] Add user namespace support for libvirt lxc

Daniel P. Berrange berrange at redhat.com
Tue Jun 4 11:03:37 UTC 2013


On Tue, Jun 04, 2013 at 06:54:10PM +0800, Gao feng wrote:
> On 06/04/2013 06:41 PM, richard -rw- weinberger wrote:
> > On Thu, May 23, 2013 at 6:06 AM, Gao feng <gaofeng at cn.fujitsu.com> wrote:
> >> This patchset tries to add userns support for libvirt lxc.
> >> Since userns is nearly completed in linux-3.9 and older
> >> kernels don't support userns, I add some new XML elements
> >> to let people decide whether to enable userns. The userns is
> >> enabled only when the user configures the XML.
> >>
> >> The format of the user namespace related XML is like below:
> >> <idmap>
> >>     <uid start='0' target='1000' count='10'>
> >>     <gid start='0' target='1000' count='10'>
> >> </idmap>
> >> It means the user in the container (whose uid:gid is 0:0) will
> >> be mapped to the user on the host (uid:gid 1000:1000); count
> >> is used to form a u/gid range: the users in the container whose
> >> uid is in [start, start + count - 1] will be mapped.
> >>
> >> You can have multiple lines to map different id ranges;
> >> caution: you must make sure the root user of the container has
> >> been mapped.
> >>
> >> This patchset also does the below jobs.
> >>
> >> 1, Because the uninit userns has no right to create devices,
> >>    we should create the devices for the container on the host.
> >> 2, Change the owner of the fuse and tty devices.
> >>
> >> Change from v2:
> >> 1, Mount tmpfs on /stateDir/domain.dev
> >> 2, Create devices under /stateDir/domain.dev/
> >> 3, Mount-move /.oldroot/stateDir/domain.dev/ onto the /dev/ of the container
> >> 4, Enhance the configuration, disallow the semi configuration
> >>
> >> Gao feng (12):
> >>   LXC: Introduce New XML element for user namespace
> >>   LXC: enable user namespace only when user set the uidmap
> >>   LXC: sort the uidmap/gidmap of domain
> >>   LXC: introduce virLXCControllerSetupUserns and lxcContainerSetID
> >>   LXC: Creating devices for container on host side
> >>   LXC: Move creating /dev/ptmx to virLXCControllerSetupDevPTS
> >>   LXC: fuse: Change files owner to the root user of container
> >>   LXC: controller: change the owner of tty devices to the root user of
> >>     container
> >>   LXC: controller: change the owner of /dev to the root user of
> >>     container
> >>   LXC: controller: change the owner of devices created on host
> >>   LXC: controller: change the owner of /dev/pts and ptmx to the root of
> >>     container
> >>   LXC: introduce virLXCControllerChown
> >>
> >>  docs/formatdomain.html.in     |  23 ++++
> >>  docs/schemas/domaincommon.rng |  31 +++++
> >>  src/conf/domain_conf.c        | 115 ++++++++++++++++++
> >>  src/conf/domain_conf.h        |  22 ++++
> >>  src/lxc/lxc_container.c       | 183 ++++++++++++++--------------
> >>  src/lxc/lxc_controller.c      | 271 +++++++++++++++++++++++++++++++++++++++++-
> >>  src/lxc/lxc_fuse.c            |   6 +
> >>  7 files changed, 557 insertions(+), 94 deletions(-)
> > 
> > I'm wondering what the state of this patch set is.
> > I'd really like to see it mainline. :-)
> > 
> 
> It's still under review; it needs some ACKs.
> If you can help test or ACK this patchset, it will be very helpful. :)
> 
> Actually, I just want to ping...

I've been away on holiday for 2 weeks, so not had a chance to review
it yet. I'll get to it this week. I hope we'll get this in the 1.0.6
release this month.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
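The cover letter quoted above describes the <idmap>/<uid>/<gid> elements and their start/target/count semantics but shows no code. The script below is an added example, not libvirt code and not part of this thread: it parses a domain fragment in that format, sorts the ranges the way the "sort the uidmap/gidmap" patch title suggests, rejects maps that leave container root unmapped or that overlap on either side (the kernel refuses overlapping extents when /proc/<pid>/uid_map is written), and renders the "inside outside count" lines the kernel expects. The element and attribute names come from the cover letter; the sample domain, the second 1000 -> 100000 range and the function names are constructed for illustration. The five-extent ceiling is the kernel's own limit for 3.9-era kernels (raised to 340 in 4.15).

```python
"""Added example (not libvirt's code): turn a libvirt LXC <idmap> block into
the "inside outside count" lines accepted by /proc/<pid>/uid_map and gid_map,
applying the checks the cover letter asks for (container root must be mapped)
and the ones the kernel enforces (non-overlapping ranges on both sides)."""
import xml.etree.ElementTree as ET

# Constructed sample domain. The <idmap>/<uid>/<gid> names and the
# 0 -> 1000 (count 10) entries follow the cover letter; the 1000 -> 100000
# entries are an assumed second range that shows a multi-line map.  The
# entries are deliberately out of order to exercise the sort.
SAMPLE_XML = """\
<domain type='lxc'>
  <idmap>
    <uid start='1000' target='100000' count='65536'/>
    <gid start='1000' target='100000' count='65536'/>
    <uid start='0' target='1000' count='10'/>
    <gid start='0' target='1000' count='10'/>
  </idmap>
</domain>
"""

# Maximum number of extents a 3.9 .. 4.14 kernel accepts per map file.
MAX_EXTENTS = 5


def parse_idmap(xml_text):
    """Return (uid_entries, gid_entries); each entry is (start, target, count)."""
    root = ET.fromstring(xml_text)
    idmap = root.find("idmap")
    if idmap is None:
        return [], []
    uids, gids = [], []
    for el in idmap:
        entry = (int(el.get("start")), int(el.get("target")), int(el.get("count")))
        if el.tag == "uid":
            uids.append(entry)
        elif el.tag == "gid":
            gids.append(entry)
        else:
            raise ValueError(f"unexpected <{el.tag}> inside <idmap>")
    return uids, gids


def validate(entries, kind="uid"):
    """Sort by container id and reject maps the kernel or the cover letter
    would refuse.  Returns the sorted list."""
    if not entries:
        raise ValueError(f"{kind}: no mapping given")
    if len(entries) > MAX_EXTENTS:
        raise ValueError(f"{kind}: more than {MAX_EXTENTS} ranges")
    for start, target, count in entries:
        if start < 0 or target < 0 or count <= 0:
            raise ValueError(f"{kind}: bad range {start}/{target}/{count}")
    entries = sorted(entries)
    # Container root (id 0) must fall inside the first range.
    if entries[0][0] != 0:
        raise ValueError(f"{kind}: container root (0) is not mapped")
    # No overlap on the container side ...
    for (s1, _, c1), (s2, _, _) in zip(entries, entries[1:]):
        if s1 + c1 > s2:
            raise ValueError(f"{kind}: container ranges overlap at {s2}")
    # ... and none on the host side either.
    by_target = sorted(entries, key=lambda e: e[1])
    for (_, t1, c1), (_, t2, _) in zip(by_target, by_target[1:]):
        if t1 + c1 > t2:
            raise ValueError(f"{kind}: host ranges overlap at {t2}")
    return entries


def is_valid(entries, kind="uid"):
    """Boolean wrapper around validate() for callers that just want a verdict."""
    try:
        validate(entries, kind)
    except ValueError:
        return False
    return True


def to_map_file(entries):
    """Render the text written to /proc/<pid>/{uid,gid}_map."""
    return "".join(f"{s} {t} {c}\n" for s, t, c in entries)


def container_to_host(entries, cid):
    """Host id for a container id, or None when it is unmapped (the kernel
    then presents the overflow id, 65534 by default)."""
    for start, target, count in entries:
        if start <= cid < start + count:
            return target + (cid - start)
    return None


if __name__ == "__main__":
    uids, gids = parse_idmap(SAMPLE_XML)
    print(to_map_file(validate(uids, "uid")), end="")
    print(to_map_file(validate(gids, "gid")), end="")
    print("container uid 0 ->", container_to_host(uids, 0))
```

The host-side overlap check matters as much as the container-side one: two ranges that map different container ids onto the same host ids would let two supposedly separate container users own each other's files on the host, and the kernel rejects such a map outright.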
