On 2013/03/13 18:51, Daniel P. Berrange wrote:
> On Mon, Mar 11, 2013 at 02:26:47PM +0800, Gao feng wrote:
>> This patch introduces three new elements in <os> for
>> user namespace. for example
>> <os>
>>     <userns enabled='yes'/>
>>     <uidmap first='0' low_first='1000' count='10'/>
>>     <gidmap first='0' low_first='1000' count='10'/>
>> </os>
>>
>> this new element userns is used for controlling if enable
>> userns for the domain.
>
> We've previously used the <features> block to control whether
> namespaces are enabled. So I'd prefer to see that we use
> a '<privuser/>' feature flag for this purpose.
>

Yes, this is more reasonable. Will do it.

>> the other two elements uidmap and gidmap are used for
>> setting proc files /proc/<pid>/{uid_map,gid_map}.
>
> There can be many entries per maps, so we should be grouping
> them in some way. I don't think they belong inside <os> since
> that is about the guest boot mechanism.
>
> Instead we want something like
>
>   <idmap>
>     <uid start="0" count="100" target="1000"/>
>     <uid start="65536" count="1" target="1101"/>
>     <gid start="0" count="100" target="1000"/>
>     <gid start="65536" count="1" target="1101"/>
>   </idmap>
>
>
> If a <idmap> element is present, then we should automatically
> set the <privuser/> feature flag during parsing, if not already
> set by the user.
>

Got it. Thanks!
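An added example, not part of the original thread and not libvirt's code: a sketch of how the `<idmap>` layout proposed above would translate into the lines written to `/proc/<pid>/{uid_map,gid_map}`, with the range checks a parser would want before writing them. The names `idmap_to_proc` and `SAMPLE` are hypothetical, and refusing to map host ID 0 is an assumed policy, not something the thread specifies.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <idmap> layout proposed in the thread.
SAMPLE = """
<idmap>
  <uid start="0" count="100" target="1000"/>
  <uid start="65536" count="1" target="1101"/>
  <gid start="0" count="100" target="1000"/>
  <gid start="65536" count="1" target="1101"/>
</idmap>
"""

def _overlaps(ranges):
    """True if any two (first, count) ranges share an ID."""
    ordered = sorted(ranges)
    return any(a + n > b for (a, n), (b, _) in zip(ordered, ordered[1:]))

def idmap_to_proc(xml_text):
    """Return {'uid_map': str, 'gid_map': str, 'privuser': bool}."""
    root = ET.fromstring(xml_text)
    # Per the thread: the presence of <idmap> implies the feature flag.
    out = {"privuser": True}
    for tag in ("uid", "gid"):
        entries = []
        for el in root.findall(tag):
            start, count, target = (int(el.get(k))
                                    for k in ("start", "count", "target"))
            if start < 0 or target < 0 or count < 1:
                raise ValueError(f"invalid <{tag}> entry: {el.attrib}")
            entries.append((start, target, count))
        if not entries:
            raise ValueError(f"<idmap> has no <{tag}> entries")
        # The kernel rejects a map whose ranges overlap on either side.
        if _overlaps([(s, c) for s, _, c in entries]):
            raise ValueError(f"<{tag}> ranges overlap inside the namespace")
        if _overlaps([(t, c) for _, t, c in entries]):
            raise ValueError(f"<{tag}> ranges overlap on the host")
        # Assumed policy (not from the thread): never expose host ID 0.
        if any(t == 0 for _, t, _ in entries):
            raise ValueError(f"<{tag}> maps host ID 0 into the container")
        # Kernel line format: "<ID in namespace> <ID on host> <length>"
        out[f"{tag}_map"] = "".join(
            f"{s} {t} {c}\n" for s, t, c in sorted(entries))
    return out
```
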