On Tue, Jun 04, 2013 at 06:54:10PM +0800, Gao feng wrote:
> On 06/04/2013 06:41 PM, richard -rw- weinberger wrote:
> > On Thu, May 23, 2013 at 6:06 AM, Gao feng <gaofeng@xxxxxxxxxxxxxx> wrote:
> >> This patchset tries to add userns support for libvirt lxc.
> >> Since userns is nearly completed in linux-3.9, the old
> >> kernel doesn't support userns, I add some new XML elements
> >> to let people decide whether to enable userns. The userns is enabled
> >> only when the user configures the XML.
> >>
> >> The format of the user namespace related XML file is like below:
> >> <idmap>
> >>   <uid start='0' target='1000' count='10'/>
> >>   <gid start='0' target='1000' count='10'/>
> >> </idmap>
> >> It means the user in the container (whose uid:gid is 0:0) will
> >> be mapped to the user in the host (uid:gid is 1000:1000). count
> >> is used to form a u/gid range: the users in the container whose
> >> uid is in [start, start + count - 1] will be mapped.
> >>
> >> You can have multiple lines to map different id ranges.
> >> Caution: you must make sure the root user of the container has
> >> been mapped.
> >>
> >> This patchset also does the below jobs.
> >>
> >> 1, Because the uninit userns has no right to create devices,
> >>    we should create devices for the container on the host.
> >> 2, Changes the owner of fuse and tty device.
> >>
> >> Change from v2:
> >> 1, Mount tmpfs on /stateDir/domain.dev
> >> 2, Create devices under /stateDir/domain.dev/
> >> 3, Mount Move the /.oldroot/stateDir/domain.dev/ on the /dev/ of container
> >> 4, Enhance the configuration, disallow the semi configuration
> >>
> >> Gao feng (12):
> >>   LXC: Introduce New XML element for user namespace
> >>   LXC: enable user namespace only when user set the uidmap
> >>   LXC: sort the uidmap/gidmap of domain
> >>   LXC: introduce virLXCControllerSetupUserns and lxcContainerSetID
> >>   LXC: Creating devices for container on host side
> >>   LXC: Move creating /dev/ptmx to virLXCControllerSetupDevPTS
> >>   LXC: fuse: Change files owner to the root user of container
> >>   LXC: controller: change the owner of tty devices to the root user of
> >>     container
> >>   LXC: controller: change the owner of /dev to the root user of
> >>     container
> >>   LXC: controller: change the owner of devices created on host
> >>   LXC: controller: change the owner of /dev/pts and ptmx to the root of
> >>     container
> >>   LXC: introduce virLXCControllerChown
> >>
> >>  docs/formatdomain.html.in     |  23 ++++
> >>  docs/schemas/domaincommon.rng |  31 +++++
> >>  src/conf/domain_conf.c        | 115 ++++++++++++++++++
> >>  src/conf/domain_conf.h        |  22 ++++
> >>  src/lxc/lxc_container.c       | 183 ++++++++++++++--------------
> >>  src/lxc/lxc_controller.c      | 271 +++++++++++++++++++++++++++++++++++++++++-
> >>  src/lxc/lxc_fuse.c            |   6 +
> >>  7 files changed, 557 insertions(+), 94 deletions(-)
> >
> > I'm wondering what the state of this patch set is.
> > I'd really like to see it mainline. :-)
> >
>
> It's still under review. Needs some ACK.
> If you can help to test or ACK this patchset, it will be very helpful. :)
>
> Actually, I just want to ping...

I've been away on holiday for 2 weeks, so not had a chance to review
it yet. I'll get to it this week. I hope we'll get this in the 1.0.6
release this month.

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
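
A pre-flight check for the <idmap> rules described in the quoted cover letter, as an added example that is not part of this thread or of the patch set: it parses the XML, sorts the ranges, checks that container root is mapped and that ranges do not overlap, and renders the kernel's /proc/<pid>/uid_map line format. The function names are hypothetical and the sample XML is constructed; reading "semi configuration" as "only one of uid/gid mapped" and flagging host ID 0 as a target are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample following the cover letter's format (elements self-closed).
SAMPLE = """
<idmap>
  <uid start='0' target='1000' count='10'/>
  <gid start='0' target='1000' count='10'/>
</idmap>
"""

def parse_idmap(xml_text):
    """Return {'uid': [(start, target, count), ...], 'gid': [...]}, sorted by start."""
    root = ET.fromstring(xml_text)
    maps = {"uid": [], "gid": []}
    for kind in maps:
        for el in root.findall(kind):
            maps[kind].append(tuple(int(el.get(a)) for a in ("start", "target", "count")))
        maps[kind].sort()
    return maps

def _overlaps(ranges):
    """True if any two (first, count) ranges share an ID."""
    ranges = sorted(ranges)
    return any(a + n > b for (a, n), (b, _) in zip(ranges, ranges[1:]))

def validate(maps):
    """Return a list of problems; an empty list means the mapping is usable."""
    problems = []
    for kind, entries in maps.items():
        if not entries:
            # Assumption: "semi configuration" means only one of uid/gid is mapped.
            problems.append(f"{kind}: no mapping configured")
            continue
        if any(s < 0 or t < 0 or c <= 0 for s, t, c in entries):
            problems.append(f"{kind}: start/target must be >= 0 and count > 0")
            continue
        if not any(s == 0 for s, _, _ in entries):
            problems.append(f"{kind}: container root (id 0) is not mapped")
        if any(t == 0 for _, t, _ in entries):  # assumption: treat as a finding
            problems.append(f"{kind}: host id 0 is a mapping target")
        if _overlaps([(s, c) for s, _, c in entries]):
            problems.append(f"{kind}: container ID ranges overlap")
        if _overlaps([(t, c) for _, t, c in entries]):
            problems.append(f"{kind}: host ID ranges overlap")
    return problems

def proc_map_lines(entries):
    """Render entries as '<inside> <outside> <count>' lines, the uid_map/gid_map format."""
    return "".join(f"{s} {t} {c}\n" for s, t, c in entries)
```

Running `validate(parse_idmap(SAMPLE))` on the cover letter's mapping returns an empty list, and `proc_map_lines` shows what would be written for the container's init process.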