On 02/22/2013 08:34 PM, Eric W. Biederman wrote:
> Glauber Costa <glommer@xxxxxxxxxxxxx> writes:
>
>> On 01/22/2013 01:11 PM, Eric W. Biederman wrote:
>>>
>>> The kernel support for user namespaces allows ordinary users to use
>>> multiple uids and gids if they can get a trusted program to tell the
>>> kernel the set of subordinate uids and gids they are allowed to use.
>>>
>>> This is my work to make that trusted program.
>>> Two new files are added /etc/subuid /etc/subgid that specify
>>> ranges of uids and gids that users may use.
>>>
>>> useradd, and newusers are modified to add users to those files.
>>>
>>> userdel is modified to remove users from those files.
>>>
>>> usermod is modified to give manual control of what goes in those files.
>>>
>>> newuidmap and newgidmap read the new files and update
>>> /proc/[pid]/uid_map and /proc/[pid]/gid_map respectively
>>> as requested by their command line parameters and as allowed
>>> by the /etc/subuid and /etc/subgid.
>>>
>>> The following patches are against the current development trunk
>>> of pkg-shadow svn rev 3745. With minor tweaking of man/Makefile.am
>>> these patches also apply to shadow 4.1.5.
>>>
>>> Eric W. Biederman (11):
>>>   Documentation for /etc/subuid and /etc/subgid
>>>   login.defs.5: Document the new variables in login.defs
>>>   Implement commonio_append.
>>>   Add backend support for subordinate uids and gids
>>>   Implement find_new_sub_uids find_new_sub_gids
>>>   userdel: Add support for removing subordinate user and group ids.
>>>   useradd: Add support for subordinate user identifiers
>>>   Add support for detecting busy subordinate user ids
>>>   usermod: Add support for subordinate uids and gids.
>>>   newusers: Add support for assigning subordinate uids and gids.
>>>   newuidmap,newgidmap: New suid helpers for using subordinate uids and gids
>>
>> Hi,
>>
>> Is there any intention to merge this (or any later version thereof)?
>> I intend to start excluding uid ranges for containers usage in OpenVZ,
>> and support for that in tooling would come in handy.
>
> I don't know what the state of the main pkg-shadow package is. I have
> heard anything and the repository seems to have been dormant since the
> last release almost a year ago.
>
> However the last I heard Serge was working on getting these changes into
> Ubuntu.
>
> So the intention is to get this code merged but I don't know what more
> needs to be done at this point.
>
I understand, this was more a question for the package maintainers.
It would be interesting for us to have those changes more widely
available than just @Ubuntu

_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
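
The cover letter quoted above says newuidmap and newgidmap apply a requested mapping only "as allowed by" /etc/subuid and /etc/subgid. The following is an added example of that authorization check, not code from the patch set. It assumes the `name:first_id:count` line format documented in subuid(5); `range_allowed`, `SAMPLE_SUBUID` and the user names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample table, one "name:first_id:count" entry per line. */
static const char SAMPLE_SUBUID[] =
    "alice:100000:65536\n"
    "bob:165536:65536\n"
    "alice:300000:1000\n";

/* Return 1 if [first, first + count) lies wholly inside a single range
 * granted to `user` in `table`, else 0 (hypothetical helper). */
int range_allowed(const char *table, const char *user,
                  unsigned long first, unsigned long count)
{
    if (count == 0 || first + count < first)  /* empty or wrapping request */
        return 0;

    for (const char *p = table; *p; ) {
        const char *nl = strchr(p, '\n');
        const char *end = nl ? nl : p + strlen(p);
        char name[64];
        unsigned long start, len;
        int n = 0;

        /* The whole line must parse; %n records where parsing stopped. */
        int ok = sscanf(p, "%63[^:\n]:%lu:%lu%n", name, &start, &len, &n) == 3
                 && p + n == end;
        p = nl ? nl + 1 : end;

        if (!ok || strcmp(name, user) != 0 || start + len < start)
            continue;                         /* malformed, other user, wrap */
        if (first >= start && first + count <= start + len)
            return 1;
    }
    return 0;  /* default deny: no entry covers the request */
}

int main(void)
{
    printf("alice 100000+65536 -> %d\n",
           range_allowed(SAMPLE_SUBUID, "alice", 100000, 65536));
    printf("alice 165536+1     -> %d\n",
           range_allowed(SAMPLE_SUBUID, "alice", 165536, 1));
    return 0;
}
```

A request that starts in one of a user's ranges and runs past its end is refused, as is one whose `first + count` wraps around, so a setuid helper built on this check never writes a mapping that reaches another user's ids.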