
On 02/09/2011 04:02 AM, Daniel P. Berrange wrote:
> > This patch assumes that no one really needs the user namespaces to be enabled. If that is wrong, then we can try a more baroque patch where we create a file owned by a test userid with 700 perms and, if we can't access it after setuid'ing to that userid, then return 0. Otherwise, assume we are using an older, 'harmless' user namespace implementation.
> > Comments appreciated. Is it ok to do this?
>
> Given what you describe on the UserNamespaces wiki page I believe this is the right thing to do in libvirt. There's no compelling reason why we were setting this flag in the first place, other than the fact that it existed & was thought to do something.
>
> ACK

Pushed.

-- 
Eric Blake eblake@redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org