[libvirt] [PATCH v2 2/8] LXC: enable user namespace when user set the uidmap

Gao feng gaofeng at cn.fujitsu.com
Fri May 10 09:58:11 UTC 2013


If the idmap exists, the user namespace will be enabled
automatically.
If you want to disable the user namespace, just remove these
elements from the XML.

Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
---
 src/lxc/lxc_container.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 8e1d10a..094f205 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -2030,16 +2030,10 @@ cleanup:
     return ret;
 }
 
-static int userns_supported(void)
+static int userns_supported(virDomainDefPtr def)
 {
-#if 1
-    /*
-     * put off using userns until uid mapping is implemented
-     */
-    return 0;
-#else
-    return lxcContainerAvailable(LXC_CONTAINER_FEATURE_USER) == 0;
-#endif
+    return (def->idmap.nuidmap && def->idmap.ngidmap &&
+            lxcContainerAvailable(LXC_CONTAINER_FEATURE_USER) == 0);
 }
 
 virArch lxcContainerGetAlt32bitArch(virArch arch)
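Review bot: A domain that configures an idmap still starts without CLONE_NEWUSER when `lxcContainerAvailable(LXC_CONTAINER_FEATURE_USER)` fails, because `userns_supported(def)` folds "the XML asks for it" and "the kernel can do it" into one boolean, and the caller in the `lxcContainerStart` hunk just skips the flag. In that case uid 0 inside the container is presumably still host uid 0, which is the opposite of what the admin asked for, and nothing in these hunks logs or rejects it. The same silent fallback applies when only one of `nuidmap`/`ngidmap` is non-zero, unless the XML parser already rejects that elsewhere. I would separate the two checks so that a requested mapping on a host without support is a start failure, e.g. `if (def->idmap.nuidmap && lxcContainerAvailable(LXC_CONTAINER_FEATURE_USER) != 0)` followed by an error report and a failure return before `cflags` is built. `lxcContainerStart` begins and ends outside the hunk, so the right error path is not visible here.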
@@ -2119,7 +2113,7 @@ int lxcContainerStart(virDomainDefPtr def,
 
     cflags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|SIGCHLD;
 
-    if (userns_supported()) {
+    if (userns_supported(def)) {
         VIR_DEBUG("Enable user namespaces");
         cflags |= CLONE_NEWUSER;
     }
-- 
1.8.1.4



