On 07/02/2013 06:24 PM, Daniel P. Berrange wrote:
> On Fri, Jun 07, 2013 at 03:12:17PM +0800, Gao feng wrote:
>> This patchset tries to add userns support for libvirt lxc.
>> Since userns is nearly completed in linux-3.9, and older
>> kernels don't support userns, I add some new XML elements
>> to let people decide whether to enable userns. The userns is enabled
>> only when the user configures the XML.
>>
>> The format of the user namespace related XML is like below:
>>
>> <idmap>
>>   <uid start='0' target='1000' count='10'/>
>>   <gid start='0' target='1000' count='10'/>
>> </idmap>
>>
>> It means the user in the container (whose uid:gid is 0:0) will
>> be mapped to the user on the host (uid:gid is 1000:1000); count
>> is used to form a u/gid range: the users in the container whose
>> uid is in [start, start + count - 1] will be mapped.
>>
>> You can have multiple lines to map different id ranges;
>> caution, you must make sure the root user of the container has
>> been mapped.
>>
>> This patchset also does the below jobs.
>>
>> 1, Because the uninitialized userns has no right to create devices,
>>    we should create devices for the container on the host.
>> 2, Change the owner of fuse and tty devices.
>>
>> Changes from v3:
>> 1, fix some bugs that Daniel pointed out
>> 2, reorder the patchset, introduce virLXCControllerChown first.
>> 3, rebase
>>
>> Changes from v2:
>> 1, Mount tmpfs on /stateDir/domain.dev
>> 2, Create devices under /stateDir/domain.dev/
>> 3, Mount-move /.oldroot/stateDir/domain.dev/ onto the /dev/ of the container
>> 4, Enhance the configuration, disallow the semi configuration
>>
>>
>> Gao feng (10):
>>   LXC: Introduce New XML element for user namespace
>>   LXC: enable user namespace only when user set the uidmap
>>   LXC: sort the uidmap/gidmap of domain
>>   LXC: introduce virLXCControllerSetupUserns and lxcContainerSetID
>>   LXC: Creating devices for container on host side
>>   LXC: controller: change the owner of tty devices to the root user of container
>>   LXC: controller: change the owner of /dev to the root user of container
>>   LXC: controller: change the owner of devices created on host
>>   LXC: controller: change the owner of /dev/pts and ptmx to the root of container
>>   LXC: fuse: Change files owner to the root user of container
>>
>>  docs/formatdomain.html.in     |  23 +++++
>>  docs/schemas/domaincommon.rng |  31 ++++++
>>  src/conf/domain_conf.c        | 115 +++++++++++++++++++++
>>  src/conf/domain_conf.h        |  22 ++++
>>  src/lxc/lxc_container.c       | 173 +++++++++++++++++--------------
>>  src/lxc/lxc_controller.c      | 235 ++++++++++++++++++++++++++++++++++++++++--
>>  src/lxc/lxc_fuse.c            |   4 +
>>  7 files changed, 516 insertions(+), 87 deletions(-)
>
> FYI, this patchset is now merged.
>
> I fixed up error reporting in patch 1, and I made a slight change to
> patch #4, to avoid needlessly moving some functions.
>

cool! thank you guys!

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list