[libvirt] [RFC PATCH 1/6] LXC: New XML element for user namespace

Gao feng gaofeng at cn.fujitsu.com
Thu Mar 14 02:46:18 UTC 2013


On 2013/03/13 18:51, Daniel P. Berrange wrote:
> On Mon, Mar 11, 2013 at 02:26:47PM +0800, Gao feng wrote:
>> This patch introduces three new elements in <os> for
>> user namespace. for example
>> <os>
>>     <userns enabled='yes'/>
>>     <uidmap first='0' low_first='1000' count='10'/>
>>     <gidmap first='0' low_first='1000' count='10'/>
>> </os>
>>
>> this new element userns is used for controlling if enable
>> userns for the domain.
> 
> We've previously used the <features> block to control whether
> namespaces are enabled. So I'd prefer to see that we use
> a '<privuser/>' feature flag for this purpose.
> 

Yes, this is more reasonable.
Will do it.
>> the other two elements uidmap and gidmap are used for
>> setting proc files /proc/<pid>/{uid_map,gid_map}.
> 
> There can be many entries per maps, so we should be grouping
> them in some way. I don't think they belong inside <os> since
> that is about the guest boot mechanism.
> 
> Instead we want something like
> 
>    <idmap>
>       <uid start="0" count="100" target="1000"/>
>       <uid start="65536" count="1" target="1101"/>
>       <gid start="0" count="100" target="1000"/>
>       <gid start="65536" count="1" target="1101"/>
>    </idmap>
> 
> 
> If a <idmap> element is present, then we should automatically
> set the <privuser/> feature flag during parsing, if not already
> set by the user.
> 

Get it.
Thanks!
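To make the mapping discussed above concrete, here is an added example (not libvirt code, and not from either participant) that takes the `<idmap>` layout Daniel proposes, checks it the way the kernel would before writing `/proc/<pid>/{uid_map,gid_map}`, and renders the kernel's `inside outside length` line format. The sample XML is constructed from the thread; the function names, the `MAX_EXTENTS` constant and the host-root check are assumptions of this example, not part of any proposed libvirt API.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML using the <idmap> layout proposed in the thread.
SAMPLE_XML = """
<domain type='lxc'>
  <features/>
  <idmap>
    <uid start="0" count="100" target="1000"/>
    <uid start="65536" count="1" target="1101"/>
    <gid start="0" count="100" target="1000"/>
    <gid start="65536" count="1" target="1101"/>
  </idmap>
</domain>
"""

# Assumption for this example: kernels contemporary with this thread (3.8) accept
# at most 5 extents per map; newer kernels raised the limit to 340.
MAX_EXTENTS = 5


def _int_attr(el, name, kind):
    """Read a required integer attribute, failing with a clear message if absent."""
    value = el.get(name)
    if value is None:
        raise ValueError(f"<{kind}> element is missing the '{name}' attribute")
    return int(value)


def parse_idmap(xml_text):
    """Return {'uid': [(start, count, target), ...], 'gid': [...]} from <idmap>.

    'start' is the ID seen inside the container, 'target' the ID it maps to on
    the host, 'count' the length of the contiguous range.
    """
    root = ET.fromstring(xml_text)
    maps = {"uid": [], "gid": []}
    idmap = root.find("idmap")
    if idmap is None:
        return maps
    for kind in ("uid", "gid"):
        for el in idmap.findall(kind):
            start = _int_attr(el, "start", kind)
            count = _int_attr(el, "count", kind)
            target = _int_attr(el, "target", kind)
            if count <= 0 or start < 0 or target < 0:
                raise ValueError(f"<{kind}> element has a negative ID or non-positive count")
            maps[kind].append((start, count, target))
    return maps


def validate_extents(extents):
    """Reject what the kernel rejects: too many extents, or overlapping ranges on
    either the container side or the host side."""
    if len(extents) > MAX_EXTENTS:
        raise ValueError(f"at most {MAX_EXTENTS} extents allowed per map")
    for i, (s1, c1, t1) in enumerate(extents):
        for s2, c2, t2 in extents[i + 1:]:
            if s1 < s2 + c2 and s2 < s1 + c1:
                raise ValueError("container-side ID ranges overlap")
            if t1 < t2 + c2 and t2 < t1 + c1:
                raise ValueError("host-side ID ranges overlap")
    return True


def render_map(extents):
    """Format extents as the text written to /proc/<pid>/uid_map or gid_map:
    one 'ID-inside-ns ID-outside-ns length' line per extent."""
    validate_extents(extents)
    return "".join(f"{start} {target} {count}\n" for start, count, target in extents)


def maps_to_host_root(extents):
    """True if any extent hands out host ID 0: container root would then be real
    root on the host, which defeats the point of the user namespace."""
    return any(target <= 0 < target + count for _, count, target in extents)


def implies_privuser(maps):
    """Mirror the parsing rule from the thread: a non-empty <idmap> implies the
    <privuser/> feature flag even if the user did not set it."""
    return bool(maps["uid"] or maps["gid"])


if __name__ == "__main__":
    parsed = parse_idmap(SAMPLE_XML)
    print("privuser implied:", implies_privuser(parsed))
    for kind in ("uid", "gid"):
        print(f"/proc/<pid>/{kind}_map:")
        print(render_map(parsed[kind]), end="")
        print("maps to host root:", maps_to_host_root(parsed[kind]))
```

With the sample above, container uid 0 lands on host uid 1000, so a process that is root inside the container holds no privilege over host files owned by uid 0; `maps_to_host_root` flags the configuration that would undo that.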