[libvirt] [PATCH RFC] Don't use CLONE_NEWUSER for now

Eric Blake eblake at redhat.com
Wed Feb 9 15:27:39 UTC 2011


On 02/09/2011 04:02 AM, Daniel P. Berrange wrote:
>> This patch assumes that noone really needs the user namespaces
>> to be enabled.  If that is wrong, then we can try a more
>> baroque patch where we create a file owned by a test userid with
>> 700 perms and, if we can't access it after setuid'ing to that
>> userid, then return 0.  Otherwise, assume we are using an
>> older, 'harmless' user namespace implementation.
>>
>> Comments appreciated.  Is it ok to do this?
> 
> Given what you describe on the UserNamespaces wiki page I believe
> this is the right thing todo in libvirt. There's no compelling
> reason why we were setting this flag in the first place, other
> than the fact that it existed & was thought todo something.
> 

> ACK

Pushed.

-- 
Eric Blake   eblake at redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 619 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20110209/9968b110/attachment-0001.sig>


More information about the libvir-list mailing list