Re: [libvirt] LXC: user namespaces

----- Ursprüngliche Mail ----- >> We'd like to use libvirt for managing our lxc machines. >> Currently libvirt lacks of user namespace support. >> Is anyone working on that? Otherwise David and I will implement it >> and send patches very soon. > > There were some people at Fujitsu who have done a little work on it. > They posted some very basic patches a month or two ago, but not heard > more since then, so don't know if any progress has been made by them. Found the patches. :) They do mostly the same what our preliminary userns support does. 1. Add support for uid/gid mappings. 2. Don't mount disallowed files systems in the userns. 3. Create devices nodes outside of the userns. What we still need to consider is how to deal with capability dropping. Daniel, do you have any plans how to support this? Using securebits would be a good idea. See [0] Gao feng, are you still working on the patch set? Let's work together to avoid duplicated work. If you don't have to time to cleanup/rework your patches we'll happily pick them up and base our work on them.

Thanks, //richard [0]: https://lkml.org/lkml/2013/4/29/445