[Devel] [PATCH 0/6] Unprivileged containers with user namespaces
Glauber Costa
glommer at parallels.com
Mon Mar 11 04:01:21 PDT 2013
Kir,
Please take a look at the following patches. They implement support for
unprivileged containers using user namespaces, and should work, modulo bugs.
vzctl enter is still not working, but that seems to be due to lack of support
for some functionality in the kernel, nothing we can do in userspace. (I am
already investigating this).
Glauber Costa (6):
  host uid and gid parameters
  adjust fs_create parameter
  run modified tar if upstream
  user namespace support for upstream containers
  add user mismatch test
  allow local uid and gid to be specified at container creation
include/res.h | 8 ++++
include/types.h | 1 +
include/vzctl_param.h | 3 ++
man/vzctl.8.in | 14 +++++++
scripts/vps-create.in | 18 +++++++++
src/lib/Makefile.am | 3 ++
src/lib/chown_preload.c | 73 ++++++++++++++++++++++++++++++++++
src/lib/config.c | 32 +++++++++++++++
src/lib/create.c | 30 +++++++++-----
src/lib/env.c | 29 ++++++++++++++
src/lib/hooks_ct.c | 103 ++++++++++++++++++++++++++++++++++++++++++++++--
src/vzctl-actions.c | 2 +
src/vzctl.c | 1 +
13 files changed, 304 insertions(+), 13 deletions(-)
create mode 100644 src/lib/chown_preload.c
--
1.7.11.7