On 04/30/2013 06:07 PM, Richard RW. Weinberger wrote:
> ----- Original Mail -----
>>> We'd like to use libvirt for managing our lxc machines.
>>> Currently libvirt lacks user namespace support.
>>> Is anyone working on that? Otherwise David and I will implement it
>>> and send patches very soon.
>>
>> There were some people at Fujitsu who have done a little work on it.
>> They posted some very basic patches a month or two ago, but not heard
>> more since then, so don't know if any progress has been made by them.
>
> Found the patches. :)
> They do mostly the same as what our preliminary userns support does.
> 1. Add support for uid/gid mappings.
> 2. Don't mount disallowed file systems in the userns.
> 3. Create device nodes outside of the userns.
>
> What we still need to consider is how to deal with capability dropping.
> Daniel, do you have any plans how to support this?
> Using securebits would be a good idea.
> See [0]
>
> Gao feng, are you still working on the patch set?
> Let's work together to avoid duplicated work.
> If you don't have the time to cleanup/rework your patches
> we'll happily pick them up and base our work on them.

Sorry for the late response.
I'm working on this patchset now, and I am also considering adding user quota for libvirt lxc.
Anyway, I will post version 2 next week.

Thanks,
Gao

>
> Thanks,
> //richard
>
> [0]:
> https://lkml.org/lkml/2013/4/29/445