On Mon, Mar 11, 2013 at 02:26:47PM +0800, Gao feng wrote:
> This patch introduces three new elements in <os> for
> user namespace. for example
> <os>
>     <userns enabled='yes'/>
>     <uidmap first='0' low_first='1000' count='10'/>
>     <gidmap first='0' low_first='1000' count='10'/>
> </os>
>
> this new element userns is used for controlling if enable
> userns for the domain.

We've previously used the <features> block to control whether
namespaces are enabled. So I'd prefer to see that we use a
'<privuser/>' feature flag for this purpose.

> the other two elements uidmap and gidmap are used for
> setting proc files /proc/<pid>/{uid_map,gid_map}.

There can be many entries per map, so we should be grouping them
in some way. I don't think they belong inside <os> since that is
about the guest boot mechanism. Instead we want something like

    <idmap>
      <uid start="0" count="100" target="1000"/>
      <uid start="65536" count="1" target="1101"/>
      <gid start="0" count="100" target="1000"/>
      <gid start="65536" count="1" target="1101"/>
    </idmap>

If an <idmap> element is present, then we should automatically
set the <privuser/> feature flag during parsing, if not already
set by the user.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
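
The following is an added example, not part of the mail above and not libvirt code: it turns the proposed <idmap> block into the text that would be written to /proc/<pid>/uid_map and /proc/<pid>/gid_map, and rejects overlapping ranges, which the kernel refuses. It assumes that `start` is the first ID inside the container and `target` the first ID on the host (the mail does not define them); the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the <idmap> block proposed in the reply.
SAMPLE_IDMAP = """
<idmap>
  <uid start="0" count="100" target="1000"/>
  <uid start="65536" count="1" target="1101"/>
  <gid start="0" count="100" target="1000"/>
  <gid start="65536" count="1" target="1101"/>
</idmap>
"""


def _overlaps(a_first, b_first, a_count, b_count):
    """True if [a_first, a_first+a_count) intersects [b_first, b_first+b_count)."""
    return a_first < b_first + b_count and b_first < a_first + a_count


def render_id_maps(idmap_xml):
    """Return {'uid_map': str, 'gid_map': str} in the kernel's line format:
    '<ID inside namespace> <ID outside namespace> <length>'.

    Assumption: start = ID inside the container, target = ID on the host.
    """
    rows = {"uid": [], "gid": []}
    for el in ET.fromstring(idmap_xml):
        if el.tag not in rows:
            raise ValueError(f"unexpected element <{el.tag}> in <idmap>")
        try:
            start, target, count = (int(el.attrib[k])
                                    for k in ("start", "target", "count"))
        except KeyError as missing:
            raise ValueError(f"<{el.tag}> lacks attribute {missing}") from None
        if start < 0 or target < 0 or count <= 0:
            raise ValueError(f"<{el.tag}> has a negative ID or empty range")
        for s, t, c in rows[el.tag]:
            # An overlap on either side would make a mapping ambiguous, e.g.
            # two container IDs resolving to the same host ID.
            if _overlaps(start, s, count, c) or _overlaps(target, t, count, c):
                raise ValueError(f"<{el.tag}> range overlaps an earlier entry")
        rows[el.tag].append((start, target, count))
    return {f"{kind}_map": "".join(f"{s} {t} {c}\n" for s, t, c in entries)
            for kind, entries in rows.items()}


if __name__ == "__main__":
    for name, text in render_id_maps(SAMPLE_IDMAP).items():
        print(f"/proc/<pid>/{name}:\n{text}", end="")
```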