[libvirt] [PATCH v4 00/10] Add user namespace support for libvirt lxc

Daniel P. Berrange berrange at redhat.com
Tue Jul 2 10:24:48 UTC 2013


On Fri, Jun 07, 2013 at 03:12:17PM +0800, Gao feng wrote:
> This patchset tries to add userns support for libvirt lxc.
> Since userns is nearly complete in linux-3.9 and old
> kernels don't support userns, I add some new XML elements
> to let people decide whether to enable userns. The userns is enabled
> only when the user configures the XML.
> 
> The format of the user namespace related XML is like below:
> <idmap>
>     <uid start='0' target='1000' count='10'>
>     <gid start='0' target='1000' count='10'>
> </idmap>
> it means the user in the container (whose uid:gid is 0:0) will
> be mapped to the user on the host (uid:gid is 1000:1000); count
> is used to form a u/gid range: the users in the container whose
> uid is in [start, start + count - 1] will be mapped.
> 
> You can have multiple lines to map different id ranges;
> caution, you must make sure the root user of the container has
> been mapped.
> 
> This patchset also does the below jobs.
> 
> 1, Because the uninit userns has no right to create devices,
>    we should create devices for the container on the host.
> 2, Change the owner of the fuse and tty devices.
> 
> Change from v3:
> 1, fix some bugs that Daniel pointed out
> 2, reorder the patchset, introduce virLXCControllerChown first.
> 3, rebase
> 
> Change from v2:
> 1, Mount tmpfs on /stateDir/domain.dev
> 2, Create devices under /stateDir/domain.dev/
> 3, Mount-move /.oldroot/stateDir/domain.dev/ onto the /dev/ of the container
> 4, Enhance the configuration, disallow the semi configuration
> 
> 
> Gao feng (10):
>   LXC: Introduce New XML element for user namespace
>   LXC: enable user namespace only when user set the uidmap
>   LXC: sort the uidmap/gidmap of domain
>   LXC: introduce virLXCControllerSetupUserns and lxcContainerSetID
>   LXC: Creating devices for container on host side
>   LXC: controller: change the owner of tty devices to the root user of
>     container
>   LXC: controller: change the owner of /dev to the root user of
>     container
>   LXC: controller: change the owner of devices created on host
>   LXC: controller: change the owner of /dev/pts and ptmx to the root of
>     container
>   LXC: fuse: Change files owner to the root user of container
> 
>  docs/formatdomain.html.in     |  23 +++++
>  docs/schemas/domaincommon.rng |  31 ++++++
>  src/conf/domain_conf.c        | 115 +++++++++++++++++++++
>  src/conf/domain_conf.h        |  22 ++++
>  src/lxc/lxc_container.c       | 173 +++++++++++++++++--------------
>  src/lxc/lxc_controller.c      | 235 ++++++++++++++++++++++++++++++++++++++++--
>  src/lxc/lxc_fuse.c            |   4 +
>  7 files changed, 516 insertions(+), 87 deletions(-)

FYI, this patchset is now merged.

I fixed up error reporting in patch 1, and I made a slight change to
patch #4, to avoid needlessly moving some functions.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
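The idmap semantics the cover letter describes (container ids in [start, start + count - 1] map to target, several ranges allowed, container root must be covered), as an added Python example that is not libvirt's code. The sample XML is constructed here with the elements self-closed so a parser accepts it, and the "both uid and gid required" check is my reading of the "disallow the semi configuration" item.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not from the patchset: the cover letter's example
# (self-closed elements) plus a second, unsorted uid range.
SAMPLE_IDMAP = """
<idmap>
    <uid start='500' target='100500' count='100'/>
    <uid start='0' target='1000' count='10'/>
    <gid start='0' target='1000' count='10'/>
</idmap>
"""


def parse_idmap(xml_text):
    """Return {'uid': [...], 'gid': [...]} of (start, target, count) tuples,
    sorted by container-side start (like the 'sort the uidmap/gidmap' patch)."""
    root = ET.fromstring(xml_text)
    if root.tag != "idmap":
        raise ValueError("expected <idmap> root element")
    maps = {"uid": [], "gid": []}
    for elem in root:
        if elem.tag not in maps:
            raise ValueError("unexpected element <%s>" % elem.tag)
        entry = tuple(int(elem.attrib[k]) for k in ("start", "target", "count"))
        if entry[2] <= 0:
            raise ValueError("count must be positive")
        maps[elem.tag].append(entry)
    for key in maps:
        maps[key].sort()
    return maps


def check_idmap(maps):
    """Rules from the cover letter: both maps present (my reading of
    'no semi configuration') and container root (id 0) covered.
    Returns a list of problems, empty when the idmap is acceptable."""
    problems = []
    for key in ("uid", "gid"):
        if not maps[key]:
            problems.append("no %s mapping configured" % key)
        elif to_host(maps[key], 0) is None:
            problems.append("container root %s 0 is not mapped" % key)
    return problems


def to_host(ranges, container_id):
    """Host id for a container id, or None if no range covers it."""
    for start, target, count in ranges:
        if start <= container_id <= start + count - 1:
            return target + (container_id - start)
    return None
```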