[virt-tools-list] [virt-manager PATCH] virt-install: add support for user namespace

Chen Hanxiao chen_han_xiao at 126.com
Sun Feb 9 14:13:52 UTC 2014



On 02/09/2014 09:56 PM, Cole Robinson wrote:
> On 02/08/2014 12:16 PM, Chen Hanxiao wrote:
>> From: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
>>
>> This patch will enable configuring user namespace
>> for LXC containers, etc.
>>
>
> Some comments below
>
>> Signed-off-by: Chen Hanxiao <chenhanxiao at cn.fujitsu.com>
>> ---

>>
>>   Use --boot=? to see a list of all available sub options. Complete details at L<http://libvirt.org/formatdomain.html#elementsOS>
>>
>> +=item --userns=USERNSOPTS
>> +
>
> I'd prefer to have this option just map to the libvirt XML name. So --idmap,
> uid_* and gid_*. Same with the UserNamespace object and its members.
>

How about:

--idmap uid_start=0,uid_target=1000,uid_count=10,XXXX

And I'll rename userns.py to idmap, also with its members.

v2 will come soon.

>> +If the guest configuration declares a UID or GID mapping,
>> +the 'user' namespace will be enabled to apply these.
>> +A suitably configured UID/GID mapping is a pre-requisite to
>> +make containers secure, in the absence of sVirt confinement.
>> +
>> +--usens can be sepicified to enable user namespace for LXC containers
>> +
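Review bot: In the last added line of this paragraph the option is spelled "--usens" and "specified" is spelled "sepicified", and the sentence does not connect to the paragraph above it. That paragraph says the user namespace is enabled when the guest configuration declares a UID or GID mapping, so this line should say that the option adds such a mapping to the guest configuration rather than that it enables the namespace directly. Since the text only mentions LXC containers, it should also say what happens when the option is given for another guest type.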
>
>
> --userns can be specified
>
>> +Example:
>> +    --userns user_start=0,user_target=1000,user_count=10,grp_start=0,grp_target=1000,grp_count=10
>> +
>> +Use -userns=? to see a list of all available sub options. Complete details at L<http://libvirt.org/formatdomain.html#elementsOSContainer>
>> +
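Review bot: The Example line uses six sub-options (user_start, user_target, user_count and the grp_ equivalents), but nothing in the added text says what start, target and count mean or which side of the mapping (container or host) start and target refer to. Add a sentence defining each before the example. The help line is also written "-userns=?" with a single dash; it should be --userns=? to match the --boot=? line above.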
>
> Missing a -,  should be --userns=?
>
Sorry for that.

> Also if you wanted to add a libvirt patch, the docs there have a few minor errors:
>
> - needs a space after the comma
> - capitalize The at beginning of second sentence
> - capitalize 'id'
> - container being allowed -> container are allowed
>

Thanks for your gift:)

> - Cole
>
>



