Re: [RFC PATCH 1/6] LXC: New XML element for user namespace

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2013/03/13 18:51, Daniel P. Berrange wrote:
> On Mon, Mar 11, 2013 at 02:26:47PM +0800, Gao feng wrote:
>> This patch introduces three new elements in <os> for
>> user namespace. for example
>> <os>
>>     <userns enabled='yes'/>
>>     <uidmap first='0' low_first='1000' count='10'/>
>>     <gidmap first='0' low_first='1000' count='10'/>
>> </os>
>>
>> this new element userns is used for controlling if enable
>> userns for the domain.
> 
> We've previously used the <features> block to control whether
> namespaces are enabled. So I'd prefer to see that we use
> a '<privuser/>' feature flag for this purpose.
> 

Yes, this is more reasonable.
Will do it.
>> the other two elements uidmap and gidmap are used for
>> setting proc files /proc/<pid>/{uid_map,gid_map}.
> 
> There can be many entries per maps, so we should be grouping
> them in some way. I don't think they belong inside <os> since
> that is about the guest boot mechanism.
> 
> Instead we want something like
> 
>    <idmap>
>       <uid start="0" count="100" target="1000"/>
>       <uid start="65536" count="1" target="1101"/>
>       <gid start="0" count="100" target="1000"/>
>       <gid start="65536" count="1" target="1101"/>
>    </idmap>
> 
> 
> If a <idmap> element is present, then we should automatically
> set the <privuer/> feature flag during parsing, if not already
> set by the user.
> 

Get it.
Thanks!

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]