[Devel] [PATCH 4/6] user namespace support for upstream containers

[Glauber Costa]

>>           return ret;
>>         fill_container_param(arg, &create_param);
>> @@ -153,6 +158,44 @@ static int _env_create(void *data)
>>       return exec_container_init(arg, &create_param);
>>   }
>>   +static int write_uid_gid_mapping(vps_handler *h, unsigned long uid,
>> unsigned long gid, pid_t pid)
>> +{
>> +    char buf[64];
>> +    char umap[64], gmap[64];
>> +    int fdu, fdg, ret;
>> +
>> +    snprintf(umap, 64, "0 %ld 100000", uid);
>> +    snprintf(gmap, 64, "0 %ld 100000", gid);
> 
> 1 What is the magical 100000 number?
> 

The uid/gid range. I can add a define for clarity, but it is not really
my intention to make it a selectable or anything.
>> +         * Now we need to write to the mapping file. It has to be us,
>> +         * since CAP_SETUID is required in the parent namespace. vzctl
>> +         * is run as root, so we should have it. But our cloned kid
>> +         * will start as the overflow uid 65534 in the new namespace.
>> +         */
>> +        write_uid_gid_mapping(arg->h, arg->res->misc.local_uid,
>> +                    arg->res->misc.local_gid, ret);
> 
> Do we want error checking/reporting here?
> 

I guess it would be friendlier.