On Fri, Jun 07, 2013 at 03:12:19PM +0800, Gao feng wrote:
> User namespace will be enabled only when the idmap exist
> in configuration.
>
> If you want disable user namespace,just remove these
> elements from XML.
>
> If kernel doesn't support user namespace and idmap exist
> in configuration file, libvirt lxc will start failed and
> return "Kernel doesn't support user namespace" message.
>
> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
> ---
> src/lxc/lxc_container.c | 24 ++++++++++++++----------
> 1 file changed, 14 insertions(+), 10 deletions(-)
>
> diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
> index 181f6c8..5d4da73 100644
> --- a/src/lxc/lxc_container.c
> +++ b/src/lxc/lxc_container.c
> @@ -2018,14 +2018,12 @@ cleanup:
>
> static int userns_supported(void)
> {
> -#if 1
> - /*
> - * put off using userns until uid mapping is implemented
> - */
> - return 0;
> -#else
> return lxcContainerAvailable(LXC_CONTAINER_FEATURE_USER) == 0;
> -#endif
> +}
> +
> +static int userns_required(virDomainDefPtr def)
> +{
> + return def->idmap.uidmap && def->idmap.gidmap;
> }
>
> virArch lxcContainerGetAlt32bitArch(virArch arch)
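Review bot: `userns_required()` is true only when both `def->idmap.uidmap` and `def->idmap.gidmap` are set, so a definition that carries just one of the two maps starts without `CLONE_NEWUSER` and without any error. For a setting whose purpose is to keep container root from being host root, that silent fallback goes in the unsafe direction. Unless the XML parser (not visible here) already rejects a half-specified idmap, the partial case should fail the start rather than count as "not requested". A one-line comment on the helper would also help, e.g. `/* user namespace is requested only when both a uid and a gid mapping are configured */`.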
> @@ -2105,9 +2103,15 @@ int lxcContainerStart(virDomainDefPtr def,
>
> cflags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|SIGCHLD;
>
> - if (userns_supported()) {
> - VIR_DEBUG("Enable user namespaces");
> - cflags |= CLONE_NEWUSER;
> + if (userns_required(def)) {
> + if (userns_supported()) {
> + VIR_DEBUG("Enable user namespace");
> + cflags |= CLONE_NEWUSER;
> + } else {
> + virReportSystemError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
> + _("Kernel doesn't support user namespace"));
> + return -1;
> + }
> }
ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
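Review bot: `virReportSystemError()` takes an errno value as its first argument, but the new else branch passes `VIR_ERR_CONFIG_UNSUPPORTED`, which is a virErrorNumber, so the reported message would carry the strerror text of an unrelated errno. Use `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Kernel doesn't support user namespace"));`, or keep virReportSystemError and pass a real errno such as `ENOSYS`. lxcContainerStart begins and continues outside the hunk, so it is also worth checking that the new `return -1` does not skip releasing anything allocated earlier in the function.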