[Devel] [PATCH v3 1/9] host uid and gid parameters

Glauber Costa glommer at openvz.org
Mon Apr 29 22:16:23 PDT 2013


From: Glauber Costa <glommer at parallels.com>

When running with an upstream Linux kernel that supports user namespaces,
we will run the container using an unprivileged user in the system. This
can be any user, and it serves as the base for a 1:1 mapping between users in
the container and users on the host.

By default, the value 100000 will be used for both uid and gid.

Signed-off-by: Glauber Costa <glommer at parallels.com>
---
 etc/vz.conf.in        |  4 ++++
 include/res.h         |  2 ++
 include/vzctl_param.h |  3 +++
 src/lib/config.c      | 21 +++++++++++++++++++++
 4 files changed, 30 insertions(+)

diff --git a/etc/vz.conf.in b/etc/vz.conf.in
index 07da9c7..de240ac 100644
--- a/etc/vz.conf.in
+++ b/etc/vz.conf.in
@@ -39,6 +39,10 @@ DEF_OSTEMPLATE="centos-5"
 ## Filesystem layout for new CTs: either simfs (default) or ploop
 #VE_LAYOUT=ploop
 
+# User namespace configuration
+LOCAL_UID=100000
+LOCAL_GID=100000
+
 ## Load vzwdog module
 VZWDOG="no"
 
diff --git a/include/res.h b/include/res.h
index 7060aef..0dfacf7 100644
--- a/include/res.h
+++ b/include/res.h
@@ -56,6 +56,8 @@ typedef struct {
 	int onboot;
 	unsigned long *bootorder;
 	int wait;
+	unsigned long *local_uid;
+	unsigned long *local_gid;
 } misc_param;
 
 struct mod_action;
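Review bot: The two new misc_param fields carry no comment, and nothing in the header says what they hold or why they are pointers rather than plain values. Following the commit message, a comment such as `/* base host uid/gid for the 1:1 user-namespace mapping; presumably NULL when unset, as for bootorder */` next to the fields would do. The struct's opening is outside the hunk.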
diff --git a/include/vzctl_param.h b/include/vzctl_param.h
index 99eb655..cb5ef70 100644
--- a/include/vzctl_param.h
+++ b/include/vzctl_param.h
@@ -150,5 +150,8 @@
 #define PARAM_MOUNT_OPTS	396
 
 
+#define PARAM_LOCAL_UID		397
+#define PARAM_LOCAL_GID		398
+
 #define PARAM_LINE		"e:p:f:t:i:l:k:a:b:n:x:h"
 #endif
diff --git a/src/lib/config.c b/src/lib/config.c
index 617df6a..cb0bfe0 100644
--- a/src/lib/config.c
+++ b/src/lib/config.c
@@ -128,6 +128,10 @@ static vps_config config[] = {
 {"CONFIGFILE",	NULL, PARAM_CONFIG},
 {"ORIGIN_SAMPLE",NULL,PARAM_CONFIG_SAMPLE},
 {"DISABLED",	NULL, PARAM_DISABLED},
+#ifdef HAVE_UPSTREAM
+{"LOCAL_UID",	NULL, PARAM_LOCAL_UID},
+{"LOCAL_GID",	NULL, PARAM_LOCAL_GID},
+#endif
 /* quota */
 {"DISK_QUOTA",	NULL, PARAM_DISK_QUOTA},
 {"DISKSPACE",	NULL, PARAM_DISKSPACE},
@@ -1364,6 +1368,12 @@ static int store_misc(vps_param *old_p, vps_param *vps_p, vps_config *conf,
 		ret = conf_store_strlist(conf_h, conf->name,
 			&misc->searchdomain, 0);
 		break;
+	case PARAM_LOCAL_UID:
+		ret = conf_store_ulong(conf_h, conf->name, misc->local_uid);
+		break;
+	case PARAM_LOCAL_GID:
+		ret = conf_store_ulong(conf_h, conf->name, misc->local_gid);
+		break;
 	}
 	return ret;
 }
@@ -1989,6 +1999,13 @@ static int parse(envid_t veid, vps_param *vps_p, char *val, int id)
 	case PARAM_IPTABLES:
 		ret = parse_iptables(&vps_p->res.env, val);
 		break;
+
+	case PARAM_LOCAL_UID:
+		conf_parse_ulong(&vps_p->res.misc.local_uid, val);
+		break;
+	case PARAM_LOCAL_GID:
+		conf_parse_ulong(&vps_p->res.misc.local_gid, val);
+		break;
 	case PARAM_LOCKEDPAGES:
 	case PARAM_PRIVVMPAGES:
 	case PARAM_SHMPAGES:
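Review bot: The return value of conf_parse_ulong() is dropped in the two new cases, whereas the PARAM_IPTABLES case just above assigns it to `ret`; if conf_parse_ulong reports a malformed value (its contract is not visible here), a bad LOCAL_UID or LOCAL_GID in the config would pass silently and the container would start with whatever the field ended up holding. Use `ret = conf_parse_ulong(&vps_p->res.misc.local_uid, val);` and the same for local_gid. The stray blank line before `case PARAM_LOCAL_UID:` also breaks the file's case layout. parse() continues outside the hunk.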
@@ -2694,6 +2711,8 @@ static void free_misc(misc_param *misc)
 	FREE_P(misc->hostname)
 	FREE_P(misc->description)
 	FREE_P(misc->bootorder)
+	FREE_P(misc->local_uid)
+	FREE_P(misc->local_gid)
 }
 
 static void free_net(net_param *net)
@@ -2862,6 +2881,8 @@ static void merge_misc(misc_param *dst, misc_param *src)
 	MERGE_STR(hostname)
 	MERGE_STR(description)
 	MERGE_INT(onboot)
+	MERGE_P(local_uid)
+	MERGE_P(local_gid)
 	MERGE_P(bootorder)
 	MERGE_INT(wait)
 }
-- 
1.7.11.7



