[libvirt] LXC: user namespaces
Gao feng
gaofeng at cn.fujitsu.com
Thu May 9 01:38:21 UTC 2013
On 04/30/2013 06:07 PM, Richard RW. Weinberger wrote:
> ----- Original Mail -----
>>> We'd like to use libvirt for managing our lxc machines.
>>> Currently libvirt lacks user namespace support.
>>> Is anyone working on that? Otherwise David and I will implement it
>>> and send patches very soon.
>>
>> There were some people at Fujitsu who have done a little work on it.
>> They posted some very basic patches a month or two ago, but not heard
>> more since then, so don't know if any progress has been made by them.
>
> Found the patches. :)
> They do mostly the same as what our preliminary userns support does.
> 1. Add support for uid/gid mappings.
> 2. Don't mount disallowed file systems in the userns.
> 3. Create device nodes outside of the userns.
>
> What we still need to consider is how to deal with capability dropping.
> Daniel, do you have any plans how to support this?
> Using securebits would be a good idea.
> See [0]
>
> Gao feng, are you still working on the patch set?
> Let's work together to avoid duplicated work.
> If you don't have the time to clean up/rework your patches
> we'll happily pick them up and base our work on them.
Sorry for the late response.
I'm working on this patchset now, and I am also considering adding user quota for libvirt lxc.
Anyway, I will post version 2 next week.
Thanks,
Gao
>
> Thanks,
> //richard
>
> [0]: https://lkml.org/lkml/2013/4/29/445
>