[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH v3 00/12] Add user namespace support for libvirt lxc



This patchset try to add userns support for libvirt lxc.
Since userns is nearly completed in linux-3.9, the old
kernel doesn't support userns, I add some New XML elements
to let people decide if enable userns.The userns is enabled
only when user configure the XML.

The format of user namespace related XML file like below:
<idmap>
    <uid start='0' target='1000' count='10'>
    <gid start='0' target='1000' count='10'>
</idmap>
it means the user in container (which uid:gid is 0:0) will
be mapped to the user in host (uid:gid is 1000:1000), count
is used to form an u/gid range: The users in container which
uid in [start, start + count -1] will be mapped.

You can have multiple lines to map differnet id ranges,
caution, you must make sure the root user of container has
been mapped.

This patchset also does the below jobs.

1, Because the uninit userns has no right to create devices,
   we should create devices for container on host.
2, Changes the owner of fuse and tty device.

Change from v2:
1, Mount tmpfs on /stateDir/domain.dev
2, Create devices under /stateDir/doamin.dev/
3, Mount Move the /.oldroot/stateDir/doamin.dev/ on the /dev/ of container
4, Enhance the configuration, disallow the semi configuration

Gao feng (12):
  LXC: Introduce New XML element for user namespace
  LXC: enable user namespace only when user set the uidmap
  LXC: sort the uidmap/gidmap of domain
  LXC: introduce virLXCControllerSetupUserns and lxcContainerSetID
  LXC: Creating devices for container on host side
  LXC: Move creating /dev/ptmx to virLXCControllerSetupDevPTS
  LXC: fuse: Change files owner to the root user of container
  LXC: controller: change the owner of tty devices to the root user of
    container
  LXC: controller: change the owner of /dev to the root user of
    container
  LXC: controller: change the owner of devices created on host
  LXC: controller: change the owner of /dev/pts and ptmx to the root of
    container
  LXC: introduce virLXCControllerChown

 docs/formatdomain.html.in     |  23 ++++
 docs/schemas/domaincommon.rng |  31 +++++
 src/conf/domain_conf.c        | 115 ++++++++++++++++++
 src/conf/domain_conf.h        |  22 ++++
 src/lxc/lxc_container.c       | 183 ++++++++++++++--------------
 src/lxc/lxc_controller.c      | 271 +++++++++++++++++++++++++++++++++++++++++-
 src/lxc/lxc_fuse.c            |   6 +
 7 files changed, 557 insertions(+), 94 deletions(-)

-- 
1.8.1.4


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]