----- Original message -----
> Colin Walters <walters@xxxxxxxxxx> writes:
>
> > On Tue, 2012-05-22 at 12:48 -0600, Eric W. Biederman wrote:
> >
> > > My git tree covers all of the modifications needed to convert the
> > > core kernel and enough changes to make a system bootable to runlevel
> > > 1.
> >
> > What system? I'm curious about the state of your userspace
> > modifications.
>
> Debian.
>
> Userspace won't need any modifications to work, but I am slowly working
> through the patches needed to get everything in the kernel converted.
> And my patches for the networking stack weren't quite ready for the
> merge window.
>
> Ultimately to be included in distro kernels and really be useful I need
> to make everything in the kernel that plays with uids and gids user
> namespace aware so that is my goal for the next merge window. We will
> see how that goes.
>
> As for patches to userspace, all I think I will need is a small change
> to useradd, and perhaps a helper function to validate the mapping into
> the initial user namespace's uids. Aka is user A allowed to use uids
> 100,000-110,000?

To elaborate, remember uids in a user ns each map to a uid on the host
(to be precise, in the initial userns). Mapping to a uid on the host
takes privilege. So a setuid tool (I have a PoC coded) checks a /etc
file to see whether the host uids requested by an unprivileged user are
allowed to him. The useradd patch would be to facilitate filling in
ranges in that /etc file when the user is created. So serge may get
100000-109999, joe 110000-119999, etc.

Nothing is needed in userspace just to boot a system with a
user-ns-enabled kernel, or to have root use user namespaces (other than
something to call clone with CLONE_NEWUSER).

> I have a branch in my user-namespace.git with all of the rest of my
> kernel changes if you want to play. Beyond that I expect most of the
> user space changes (useradd etc) to land in ubuntu fairly shortly
> after they are viable as I am working closely with a couple folks
> at ubuntu.
>
> Eric
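The range check that a setuid mapping helper like the one described above has to make, as an added example that is not part of the original message or of the PoC it mentions. The `name:first_host_uid:count` table layout, `SAMPLE_TABLE` and the function names are assumptions; the message only says the tool consults a file under /etc.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample table; the "name:first_host_uid:count" layout is an
 * assumption, chosen to match the serge/joe ranges in the message. */
static const char SAMPLE_TABLE[] = "serge:100000:10000\njoe:110000:10000\n";

/* Strict decimal parse: fails closed (NULL) on empty, signed or
 * out-of-range fields; returns the first character after the digits. */
static const char *parse_u32(const char *p, uint32_t *out)
{
    uint64_t v = 0;
    if (*p < '0' || *p > '9')
        return NULL;
    for (; *p >= '0' && *p <= '9'; p++)
        if ((v = v * 10 + (uint64_t)(*p - '0')) > UINT32_MAX)
            return NULL;
    *out = (uint32_t)v;
    return p;
}

/* 1 if host uids [start, start+count) fall wholly inside one range granted
 * to `user`; 0 otherwise, including for malformed table entries. */
int range_allowed(const char *table, const char *user,
                  uint32_t start, uint32_t count)
{
    size_t ulen = strlen(user);
    uint64_t req_end = (uint64_t)start + count; /* 64-bit sum cannot wrap */

    if (count == 0 || ulen == 0 || strpbrk(user, ":\n"))
        return 0;
    for (const char *line = table; line && *line; ) {
        const char *eol = strchr(line, '\n'), *p;
        uint32_t first, n;
        /* Require "user:" exactly, so "jo" never matches joe's entry. */
        if (strncmp(line, user, ulen) == 0 && line[ulen] == ':' &&
            (p = parse_u32(line + ulen + 1, &first)) && *p == ':' &&
            (p = parse_u32(p + 1, &n)) && (*p == '\n' || *p == '\0') &&
            start >= first && req_end <= (uint64_t)first + n)
            return 1;
        line = eol ? eol + 1 : NULL;
    }
    return 0;
}

int main(void)
{
    printf("%d\n", range_allowed(SAMPLE_TABLE, "serge", 100000, 10000));
    return !range_allowed(SAMPLE_TABLE, "joe", 115000, 5000);
}
```

The checks that matter for a privileged helper are the ones that fail closed: a request that would wrap in 32-bit arithmetic, a name that is only a prefix of another user's, and a table entry with an empty field are all refused.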