[Devel] [PATCH v3 6/9] allow local uid and gid to be specified at container creation

Glauber Costa glommer at parallels.com
Tue May 14 01:51:10 PDT 2013


On 05/14/2013 07:09 AM, Kir Kolyshkin wrote:
>> +When running with an upstream Linux Kernel that supports user
>> namespaces (>=
>> +3.8), the parameters \fB--local_uid\fR and \fB--local_gid\fR can be
>> used to
>> +select which \fIuid\fR and \fIgid\fR respectively will be used as a
>> base user
>> +in the host system. Note that user namespaces provide a 1:1 mapping
>> between
>> +container users and host users. If these options are not specified,
>> the value
>> +100000 is used.
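Review bot: the paragraph states the 100000 default but does not say that \fB--local_uid\fR and \fB--local_gid\fR are creation-time options whose values are stored in the container's own configuration and are read from there at start, nor how user namespaces are turned off for a new container; the reply below says \fB--local_uid 0\fR does that, and that containers created before this change run with user namespaces disabled. Suggest adding one sentence to the hunk along the lines of "These options are honoured only at creation time; the chosen values are saved in the container configuration. Specifying \fB--local_uid\fR 0 disables user namespaces for the container." so the man page and the implementation agree on where the default comes from.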
> 
> This probably comes from an older version of a patchset. We don't have
> compiled-in defaults, do we?
> 
> I'd say
> 
> If these options are not specified, the values \fBLOCAL_UID\fR and
> \fBLOCAL_GID\fR
> from the global configuration file \fBvz.conf\fR(5) are used.

Huummm, this is not my understanding. Please note that --local_uid and
--local_gid are creation-time switches. This means that they will only
apply to newly created containers.

Upon execution, these are read from the local configuration file. In
older containers, this will be unset and we will run with userns
disabled. In newly created containers, the only way to disable it is to specify
--local_uid = 0, but by default we run with 100000. What is the problem
with this?