On Thu, May 23, 2013 at 12:06:46PM +0800, Gao feng wrote:
User namespace will be enabled only when the idmap exists
in the configuration.
If you want to disable user namespace, just remove these
elements from the XML.
If the kernel doesn't support user namespace and idmap exists
in the configuration file, libvirt lxc will fail to start and
return the "Kernel doesn't support user namespace" message.
Signed-off-by: Gao feng <gaofeng(a)cn.fujitsu.com>
---
src/lxc/lxc_container.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index c74e3ca..618252c 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -2116,9 +2114,15 @@ int lxcContainerStart(virDomainDefPtr def,
cflags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|SIGCHLD;
- if (userns_supported()) {
- VIR_DEBUG("Enable user namespaces");
- cflags |= CLONE_NEWUSER;
+ if (userns_required(def)) {
+ if (userns_supported()) {
+ VIR_DEBUG("Enable user namespace");
+ cflags |= CLONE_NEWUSER;
+ } else {
+ virReportSystemError(VIR_ERR_NO_KERNEL, "%s",
Use VIR_ERR_CONFIG_UNSUPPORTED for this error message.
+ _("Kernel doesn't support
user namespace"));
+ return -1;
+ }
}
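Review bot: in the new else branch the error is raised through virReportSystemError with a VIR_ERR_* value, but that function takes an errno as its first argument, so the call should be virReportError with the libvirt error code (VIR_ERR_CONFIG_UNSUPPORTED, as the inline comment asks). The bare `return -1;` on that path also leaves lxcContainerStart directly; if the function has allocated anything before cflags is computed (not visible in this hunk), it has to be released before returning. Since a domain without idmap now starts without CLONE_NEWUSER even on a kernel that supports it, a short comment above the `userns_required(def)` check stating that this is intentional would help later readers.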
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|