[Devel] [PATCH 6/6] allow local uid and gid to be specified at container creation

Glauber Costa glommer at parallels.com
Mon Mar 11 04:01:27 PDT 2013


It is a valid use case to run a container with host uid and gid different
than the default. This patch provides and documents a way to do so.

Signed-off-by: Glauber Costa <glommer at parallels.com>
---
 man/vzctl.8.in      | 14 ++++++++++++++
 src/vzctl-actions.c |  2 ++
 src/vzctl.c         |  1 +
 3 files changed, 17 insertions(+)

diff --git a/man/vzctl.8.in b/man/vzctl.8.in
index 5efd702..3859405 100644
--- a/man/vzctl.8.in
+++ b/man/vzctl.8.in
@@ -852,6 +852,8 @@ List of available fields can be obtained using \fB-L\fR option.
 .OP --ipadd addr
 .OP --hostname name
 .OP --name name
+.OP --local_uid uid
+.OP --local_gid gid
 .YS
 .IP "" 4
 Creates a new container area. This operation should be done once, before
@@ -903,6 +905,18 @@ a container. Note that this option can be used multiple times.
 
 You can use \fB--hostname\fR \fIname\fR option to set a host name for
 a container.
+
+When running with an upstream Linux kernel that supports user namespaces,
+the parameters \fB--local_uid\fR and \fB--local_gid\fR can be used to select
+which \fIuid\fR and \fIgid\fR respectively will be used as a base user in the
+host system. Note that user namespaces provide a 1:1 mapping between container
+users and host users. If those options are not specified, the value 100000 is
+used.
+
+\fBWarning:\fR use \fB--local_uid\fR and \fB--local_gid\fR with care, specially
+when migrating containers. In all situations, the container's files in the
+filesystem needs to be correctly owned by the host-side users.
+
 .IP "\fBdestroy\fR | \fBdelete\fR \fICTID\fR" 4
 Removes a container private area by deleting all files, directories and
 the configuration file of this container.
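Review bot: The new paragraph in the create description gives only the base value and the default of 100000, not how many ids above \fB--local_uid\fR and \fB--local_gid\fR are mapped, so an administrator cannot tell which host range must be kept free of real accounts or of another container's range. Please state the size of the mapped range, and say what vzctl does when these options are passed on a kernel without user namespace support. In the warning, "specially" should be "especially" and "files in the filesystem needs to be" should be "need to be". Since the warning requires the files to be owned by the host-side users, it should also say whether vzctl sets that ownership at create time or leaves it to the administrator.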
diff --git a/src/vzctl-actions.c b/src/vzctl-actions.c
index be22265..63d93aa 100644
--- a/src/vzctl-actions.c
+++ b/src/vzctl-actions.c
@@ -391,6 +391,8 @@ static int parse_create_opt(envid_t veid, int argc, char **argv,
 	{"ve_layout",	required_argument, NULL, PARAM_VE_LAYOUT},
 	{"velayout",	required_argument, NULL, PARAM_VE_LAYOUT},
 	{"diskspace",	required_argument, NULL, PARAM_DISKSPACE},
+	{"local_uid",	required_argument, NULL, PARAM_LOCAL_UID},
+	{"local_gid",	required_argument, NULL, PARAM_LOCAL_GID},
 	{ NULL, 0, NULL, 0 }
 };
 
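Review bot: Only the two option-table entries in parse_create_opt() are visible for PARAM_LOCAL_UID and PARAM_LOCAL_GID, so the handling of the argument string cannot be reviewed from this patch. Please confirm that the code consuming these parameters (presumably earlier in the series) rejects non-numeric, negative and overflowing values, and state whether 0 is accepted, because with the 1:1 mapping the man page describes, a base of 0 would make container ids, root included, coincide with host ids. If the parsing does live in another patch, a sentence in the commit message pointing to it would help.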
diff --git a/src/vzctl.c b/src/vzctl.c
index d9bba7d..a72ab39 100644
--- a/src/vzctl.c
+++ b/src/vzctl.c
@@ -65,6 +65,7 @@ static void usage(int rc)
 "vzctl create <ctid> [--ostemplate <name>] [--config <name>]\n"
 "   [--layout ploop|simfs] [--hostname <name>] [--name <name>] [--ipadd <addr>]\n"
 "   [--diskspace <kbytes>] [--private <path>] [--root <path>]\n"
+"   [--local_uid <UID>] [--local_gid <GID>]\n"
 "vzctl start <ctid> [--force] [--wait]\n"
 "vzctl destroy | mount | umount | stop | restart | status <ctid>\n"
 #ifdef HAVE_PLOOP
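Review bot: Style point on the added usage line: the placeholders are written as <UID> and <GID>, while every other placeholder in this usage text is lowercase (<name>, <kbytes>, <path>, <addr>) and the man page hunk uses lowercase uid and gid. Suggest "   [--local_uid <uid>] [--local_gid <gid>]\n" for consistency.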
-- 
1.7.11.7



