[libvirt] [PATCH RFC] Don't use CLONE_NEWUSER for now
Eric Blake
eblake at redhat.com
Wed Feb 9 15:27:39 UTC 2011
On 02/09/2011 04:02 AM, Daniel P. Berrange wrote:
>> This patch assumes that noone really needs the user namespaces
>> to be enabled. If that is wrong, then we can try a more
>> baroque patch where we create a file owned by a test userid with
>> 700 perms and, if we can't access it after setuid'ing to that
>> userid, then return 0. Otherwise, assume we are using an
>> older, 'harmless' user namespace implementation.
>>
>> Comments appreciated. Is it ok to do this?
>
> Given what you describe on the UserNamespaces wiki page I believe
> this is the right thing todo in libvirt. There's no compelling
> reason why we were setting this flag in the first place, other
> than the fact that it existed & was thought todo something.
>
> ACK
Pushed.
--
Eric Blake eblake at redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110209/9968b110/attachment-0001.sig>
More information about the libvir-list
mailing list