[libvirt] [PATCH v3 02/12] LXC: enable user namespace only when user set the uidmap
Daniel P. Berrange
berrange at redhat.com
Tue Jun 4 13:26:56 UTC 2013
On Thu, May 23, 2013 at 12:06:46PM +0800, Gao feng wrote:
> User namespace will be enabled only when the idmap exists
> in the configuration.
>
> If you want to disable user namespace, just remove these
> elements from the XML.
>
> If the kernel doesn't support user namespace and the idmap exists
> in the configuration file, libvirt lxc will fail to start and
> return the "Kernel doesn't support user namespace" message.
>
> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
> ---
> src/lxc/lxc_container.c | 24 ++++++++++++++----------
> 1 file changed, 14 insertions(+), 10 deletions(-)
>
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index c74e3ca..618252c 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -2116,9 +2114,15 @@ int lxcContainerStart(virDomainDefPtr def,
>
> cflags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|SIGCHLD;
>
> - if (userns_supported()) {
> - VIR_DEBUG("Enable user namespaces");
> - cflags |= CLONE_NEWUSER;
> + if (userns_required(def)) {
> + if (userns_supported()) {
> + VIR_DEBUG("Enable user namespace");
> + cflags |= CLONE_NEWUSER;
> + } else {
> + virReportSystemError(VIR_ERR_NO_KERNEL, "%s",
Use VIR_ERR_CONFIG_UNSUPPORTED for this error message.
> + _("Kernel doesn't support user namespace"));
> + return -1;
> + }
> }
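
Review bot: in the new else branch the error is raised with virReportSystemError(), whose first argument is an errno value, but the hunk passes VIR_ERR_NO_KERNEL, which is a libvirt virErrorNumber. Changing only the constant to VIR_ERR_CONFIG_UNSUPPORTED keeps the same mismatch, because the code would still be treated as an errno when the message is formatted. Use virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Kernel doesn't support user namespace")) here so the caller sees a configuration error and not a misleading system error string.
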
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|