[Devel] [PATCH 6/6] allow local uid and gid to be specified at container creation
Kir Kolyshkin
kir at openvz.org
Mon Mar 11 12:11:20 PDT 2013
On 03/11/2013 04:01 AM, Glauber Costa wrote:
> It is a valid use case to run a container with host uid and gid different
> than the default. This patch provides and documents a way to do so.
>
> Signed-off-by: Glauber Costa <glommer at parallels.com>
> ---
> man/vzctl.8.in | 14 ++++++++++++++
> src/vzctl-actions.c | 2 ++
> src/vzctl.c | 1 +
> 3 files changed, 17 insertions(+)
>
> diff --git a/man/vzctl.8.in b/man/vzctl.8.in
> index 5efd702..3859405 100644
> --- a/man/vzctl.8.in
> +++ b/man/vzctl.8.in
> @@ -852,6 +852,8 @@ List of available fields can be obtained using \fB-L\fR option.
> .OP --ipadd addr
> .OP --hostname name
> .OP --name name
> +.OP --local_uid uid
> +.OP --local_gid gid
> .YS
> .IP "" 4
> Creates a new container area. This operation should be done once, before
> @@ -903,6 +905,18 @@ a container. Note that this option can be used multiple times.
>
> You can use \fB--hostname\fR \fIname\fR option to set a host name for
> a container.
> +
> +When running with an upstream Linux kernel that supports user namespaces,
Maybe we need to show a kernel version here.
> +the parameters \fB--local_uid\fR and \fB--local_gid\fR can be used to select
> +which \fIuid\fR and \fIgid\fR respectively will be used as a base user in the
> +host system. Note that user namespaces provide a 1:1 mapping between container
> +users and host users. If those options are not specified, the value 100000 is
s/those/these/
I guess
> +used.
Now if you want to keep having that "0 means default" meaning of these
parameters,
you need to document it as well.
> +
> +\fBWarning:\fR use \fB--local_uid\fR and \fB--local_gid\fR with care, specially
> +when migrating containers. In all situations, the container's files in the
> +filesystem needs to be correctly owned by the host-side users.
> +
> .IP "\fBdestroy\fR | \fBdelete\fR \fICTID\fR" 4
> Removes a container private area by deleting all files, directories and
> the configuration file of this container.
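Review bot: the new paragraph documents a single default (100000) for every container but does not say what happens when two containers share that base: with the 1:1 mapping described here, files of both containers end up owned by the same host uids, so the isolation between containers then rests entirely on keeping their private areas apart. The Warning paragraph should say that each container should get a non-overlapping range, and should also state how large the mapped range is, since "base user" alone does not tell the admin which host uids a container can own. Two small wording fixes in the same hunk: "specially" should read "especially", and "the container's files in the filesystem needs to be" should read "need to be".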
> diff --git a/src/vzctl-actions.c b/src/vzctl-actions.c
> index be22265..63d93aa 100644
> --- a/src/vzctl-actions.c
> +++ b/src/vzctl-actions.c
> @@ -391,6 +391,8 @@ static int parse_create_opt(envid_t veid, int argc, char **argv,
> {"ve_layout", required_argument, NULL, PARAM_VE_LAYOUT},
> {"velayout", required_argument, NULL, PARAM_VE_LAYOUT},
> {"diskspace", required_argument, NULL, PARAM_DISKSPACE},
> + {"local_uid", required_argument, NULL, PARAM_LOCAL_UID},
> + {"local_gid", required_argument, NULL, PARAM_LOCAL_GID},
> { NULL, 0, NULL, 0 }
> };
>
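Review bot: this hunk only registers the two long options; the code that consumes PARAM_LOCAL_UID and PARAM_LOCAL_GID is not part of this patch, so it is not visible here whether non-numeric input, negative values, or a base that wraps once the container's uid range is added to it are rejected before the value is written to the config. Please confirm that handler validates the value (or add the check in this series), since the man page text in the previous hunk presents the option as safe to set with only a general "use with care" warning. Also, the table already accepts both "ve_layout" and "velayout" for one option; if underscores are kept for "local_uid"/"local_gid", consider accepting hyphenated spellings the same way so the new options match the style of the other flags in the usage line (--ipadd, --diskspace).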
> diff --git a/src/vzctl.c b/src/vzctl.c
> index d9bba7d..a72ab39 100644
> --- a/src/vzctl.c
> +++ b/src/vzctl.c
> @@ -65,6 +65,7 @@ static void usage(int rc)
> "vzctl create <ctid> [--ostemplate <name>] [--config <name>]\n"
> " [--layout ploop|simfs] [--hostname <name>] [--name <name>] [--ipadd <addr>]\n"
> " [--diskspace <kbytes>] [--private <path>] [--root <path>]\n"
> +" [--local_uid <UID>] [--local_gid <GID>]\n"
> "vzctl start <ctid> [--force] [--wait]\n"
> "vzctl destroy | mount | umount | stop | restart | status <ctid>\n"
> #ifdef HAVE_PLOOP
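Review bot: the placeholders in the added usage line are uppercase ("<UID>", "<GID>") while every other placeholder in this string is lowercase ("<name>", "<addr>", "<kbytes>", "<path>"); use "[--local_uid <uid>] [--local_gid <gid>]" for consistency.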