On 01/22/2013 01:11 PM, Eric W. Biederman wrote:
>
> The kernel support for user namespaces allows ordinary users to use
> multiple uids and gids if they can get a trusted program to tell the
> kernel the set of subordinate uids and gids they are allowed to use.
>
> This is my work to make that trusted program.
> Two new files are added, /etc/subuid and /etc/subgid, that specify
> ranges of uids and gids that users may use.
>
> useradd and newusers are modified to add users to those files.
>
> userdel is modified to remove users from those files.
>
> usermod is modified to give manual control of what goes in those files.
>
> newuidmap and newgidmap read the new files and update
> /proc/[pid]/uid_map and /proc/[pid]/gid_map respectively
> as requested by their command line parameters and as allowed
> by the /etc/subuid and /etc/subgid.
>
> The following patches are against the current development trunk
> of pkg-shadow svn rev 3745. With minor tweaking of man/Makefile.am
> these patches also apply to shadow 4.1.5.
>
> Eric W. Biederman (11):
>   Documentation for /etc/subuid and /etc/subgid
>   login.defs.5: Document the new variables in login.defs
>   Implement commonio_append.
>   Add backend support for subordinate uids and gids
>   Implement find_new_sub_uids find_new_sub_gids
>   userdel: Add support for removing subordinate user and group ids.
>   useradd: Add support for subordinate user identifiers
>   Add support for detecting busy subordinate user ids
>   usermod: Add support for subordinate uids and gids.
>   newusers: Add support for assigning subordinate uids and gids.
>   newuidmap,newgidmap: New suid helpers for using subordinate uids and gids

Hi,

Is there any intention to merge this (or any later version thereof)?
I intend to start excluding uid ranges for containers usage in OpenVZ,
and support for that in tooling would come in handy.
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
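
The check the cover letter describes for newuidmap (a requested mapping is honoured only when /etc/subuid allows it), sketched as an added example; this is not code from the patch series or from shadow. It assumes the name:start:count line layout of /etc/subuid, and SAMPLE_SUBUID, map_req, range_allowed and build_uid_map are hypothetical names with constructed data.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample table in the name:start:count layout of /etc/subuid. */
static const char *SAMPLE_SUBUID =
    "alice:100000:65536\nbob:165536:65536\nalice:300000:1000\n";
struct map_req { unsigned long inside, outside, count; };

/* 1 if [start, start+count) fits inside one range delegated to user. */
int range_allowed(const char *table, const char *user,
                  unsigned long start, unsigned long count)
{
    char owner[64];
    unsigned long first, len;
    if (count == 0 || start + count < start)      /* empty or wraps */
        return 0;
    for (const char *line = table; line && *line; ) {
        if (sscanf(line, "%63[^:\n]:%lu:%lu", owner, &first, &len) == 3 &&
            strcmp(owner, user) == 0 && first + len >= first &&
            start >= first && start + count <= first + len)
            return 1;
        line = strchr(line, '\n');
        if (line) line++;
    }
    return 0;
}

/* uid_map text ("inside outside count" lines); -1 if any range is refused. */
int build_uid_map(const char *table, const char *user,
                  const struct map_req *req, int n, char *out, size_t cap)
{
    size_t used = 0;
    for (int i = 0; i < n; i++) {
        if (!range_allowed(table, user, req[i].outside, req[i].count))
            return -1;
        int w = snprintf(out + used, cap - used, "%lu %lu %lu\n",
                         req[i].inside, req[i].outside, req[i].count);
        if (w < 0 || (size_t)w >= cap - used) return -1;  /* buffer full */
        used += (size_t)w;
    }
    return (int)used;
}

int main(void)
{
    struct map_req req = {0, 100000, 65536};       /* constructed request */
    char buf[64];
    int n = build_uid_map(SAMPLE_SUBUID, "alice", &req, 1, buf, sizeof buf);
    return (n > 0 && fputs(buf, stdout) >= 0) ? 0 : 1;
}
```

A request is refused as a whole if any one of its ranges falls outside the caller's delegation, so the buffer contents must be discarded whenever build_uid_map returns -1.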