
On Tue, Jun 04, 2013 at 06:54:10PM +0800, Gao feng wrote:
On 06/04/2013 06:41 PM, richard -rw- weinberger wrote:
On Thu, May 23, 2013 at 6:06 AM, Gao feng <gaofeng@cn.fujitsu.com> wrote:
This patchset tries to add userns support for libvirt lxc. Since userns is nearly completed in linux-3.9, the old kernel doesn't support userns, I add some new XML elements to let people decide whether to enable userns. The userns is enabled only when the user configures the XML.

The format of the user namespace related XML is like below:

<idmap>
  <uid start='0' target='1000' count='10'/>
  <gid start='0' target='1000' count='10'/>
</idmap>

It means the user in the container (whose uid:gid is 0:0) will be mapped to the user on the host (uid:gid is 1000:1000). count is used to form a u/gid range: the users in the container whose uid is in [start, start + count - 1] will be mapped.

You can have multiple lines to map different id ranges. Caution: you must make sure the root user of the container has been mapped.
This patchset also does the below jobs.
1, Because the uninit userns has no right to create devices, we should create devices for container on host.
2, Changes the owner of fuse and tty device.

Change from v2:
1, Mount tmpfs on /stateDir/domain.dev
2, Create devices under /stateDir/domain.dev/
3, Mount Move the /.oldroot/stateDir/domain.dev/ on the /dev/ of container
4, Enhance the configuration, disallow the semi configuration
Gao feng (12):
  LXC: Introduce New XML element for user namespace
  LXC: enable user namespace only when user set the uidmap
  LXC: sort the uidmap/gidmap of domain
  LXC: introduce virLXCControllerSetupUserns and lxcContainerSetID
  LXC: Creating devices for container on host side
  LXC: Move creating /dev/ptmx to virLXCControllerSetupDevPTS
  LXC: fuse: Change files owner to the root user of container
  LXC: controller: change the owner of tty devices to the root user of container
  LXC: controller: change the owner of /dev to the root user of container
  LXC: controller: change the owner of devices created on host
  LXC: controller: change the owner of /dev/pts and ptmx to the root of container
  LXC: introduce virLXCControllerChown

 docs/formatdomain.html.in     |  23 ++++
 docs/schemas/domaincommon.rng |  31 +++++
 src/conf/domain_conf.c        | 115 ++++++++++++++++++
 src/conf/domain_conf.h        |  22 ++++
 src/lxc/lxc_container.c       | 183 ++++++++++++++--------------
 src/lxc/lxc_controller.c      | 271 +++++++++++++++++++++++++++++++++++++++++-
 src/lxc/lxc_fuse.c            |   6 +
 7 files changed, 557 insertions(+), 94 deletions(-)
I'm wondering what the state of this patch set is. I'd really like to see it mainline. :-)
It's still under review and needs some ACK. If you can help to test or ACK this patchset, it will be very helpful. :)
Actually, I just want to ping...
I've been away on holiday for 2 weeks, so not had a chance to review it yet. I'll get to it this week. I hope we'll get this in the 1.0.6 release this month.

Daniel
--
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
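
The ID mapping described in the quoted cover letter, as an added example that is not part of this thread or of libvirt's code: it parses an <idmap> block, rejects a configuration in which the container's root uid or gid is unmapped, and translates a container ID to its host ID. The function names, the sample XML and the no-overlap check are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample using the element and attribute names from the cover letter.
SAMPLE_IDMAP = """
<idmap>
  <uid start='0' target='1000' count='10'/>
  <gid start='0' target='1000' count='10'/>
</idmap>
"""

def parse_idmap(xml_text):
    """Return {'uid': [(start, target, count), ...], 'gid': [...]}, sorted by start."""
    root = ET.fromstring(xml_text)
    if root.tag != "idmap":
        raise ValueError("expected <idmap> root element")
    maps = {"uid": [], "gid": []}
    for el in root:
        if el.tag not in maps:
            raise ValueError(f"unexpected element <{el.tag}>")
        # A missing attribute becomes "" and fails int() with ValueError.
        start, target, count = (int(el.get(k, "")) for k in ("start", "target", "count"))
        if start < 0 or target < 0 or count < 1:
            raise ValueError(f"invalid <{el.tag}> range")
        maps[el.tag].append((start, target, count))
    for kind, ranges in maps.items():
        ranges.sort()
        # The cover letter requires the container's root user to be mapped.
        if not ranges or ranges[0][0] != 0:
            raise ValueError(f"container root {kind} 0 is not mapped")
        # Assumption of this example: container-side ranges must not overlap.
        for (s1, _, c1), (s2, _, _) in zip(ranges, ranges[1:]):
            if s1 + c1 > s2:
                raise ValueError(f"overlapping {kind} ranges")
    return maps

def to_host(ranges, container_id):
    """Map a container ID to its host ID, or None if it is unmapped."""
    for start, target, count in ranges:
        if start <= container_id <= start + count - 1:
            return target + (container_id - start)
    return None
```

With the sample above, to_host(maps["uid"], 0) is the host uid that files and devices meant for the container's root would need to be owned by, which is the value the chown patches in the series depend on.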