[Devel] [PATCH v2 0/6] Unprivileged containers with user namespaces
Glauber Costa
glommer at parallels.com
Tue Mar 12 02:58:32 PDT 2013

Kir,

Please take a look at the following patches. They implement support for
unprivileged containers using user namespaces, and should work, modulo bugs.

v2:
* use conf_parse_ulong to simplify uid/gid parsing. We do need to provide a
  default value for creation, though.
* allow "0" to be specified as uid/gid offset. It simplifies the code if
  conf_parse_ulong is used, and well, if anyone *really* wants to run
  privileged... We will apply the default value now only if the fields are
  unset.

Glauber Costa (6):
  host uid and gid parameters
  adjust fs_create parameter
  user namespace support for upstream containers
  modify tar extraction to account for user namespace
  add user mismatch test
  allow local uid and gid to be specified at container creation

 include/res.h           |  8 +++++
 include/types.h         |  1 +
 include/vzctl_param.h   |  3 ++
 man/vzctl.8.in          | 14 ++++++++
 scripts/vps-create.in   | 19 ++++++++++
 src/lib/Makefile.am     |  3 ++
 src/lib/chown_preload.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++
 src/lib/config.c        | 32 +++++++++++++++++
 src/lib/create.c        | 30 ++++++++++------
 src/lib/env.c           | 29 +++++++++++++++
 src/lib/hooks_ct.c      | 93 +++++++++++++++++++++++++++++++++++++++++++++++--
 src/vzctl-actions.c     |  2 ++
 src/vzctl.c             |  1 +
 vzctl.spec              |  2 +-
 14 files changed, 316 insertions(+), 14 deletions(-)
 create mode 100644 src/lib/chown_preload.c

--
1.7.11.7