On 02/08/2014 12:16 PM, Chen Hanxiao wrote:
> From: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
>
> This patch will enable configuring user namespace
> for LXC containers, etc.
>

Some comments below

> Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
> ---
>  man/virt-install.pod                          | 14 ++++++++
>  .../compare/virt-xml-edit-clear-clock.xml     |  2 +-
>  .../compare/virt-xml-edit-clear-cpu.xml       |  2 +-
>  .../compare/virt-xml-edit-simple-boot.xml     |  4 +--
>  .../compare/virt-xml-edit-simple-cpu.xml      |  2 +-
>  .../compare/virt-xml-edit-simple-features.xml |  4 +--
>  .../compare/virt-xml-edit-simple-metadata.xml |  2 +-
>  .../compare/virt-xml-edit-simple-vcpus.xml    |  2 +-
>  .../compare/virt-xml-remove-disk-path.xml     |  2 +-
>  tests/clitest.py                              |  1 +
>  tests/testdriver.xml                          |  4 +++
>  tests/xmlparse-xml/change-guest-out.xml       |  4 +++
>  tests/xmlparse.py                             |  8 +++++
>  virt-convert                                  |  2 +-
>  virt-install                                  |  1 +
>  virt-xml                                      |  1 +
>  virtinst/__init__.py                          |  1 +
>  virtinst/cli.py                               | 25 +++++++++++++++
>  virtinst/guest.py                             |  6 ++--
>  virtinst/userns.py                            | 37 ++++++++++++++++++++++
>  20 files changed, 111 insertions(+), 13 deletions(-)
>  create mode 100644 virtinst/userns.py
>
> diff --git a/man/virt-install.pod b/man/virt-install.pod
> index ff08d72..46039ac 100644
> --- a/man/virt-install.pod
> +++ b/man/virt-install.pod
> @@ -442,6 +442,20 @@ will default to /bin/sh.
>
>  Use --boot=? to see a list of all available sub options. Complete details at L<http://libvirt.org/formatdomain.html#elementsOS>
>
> +=item --userns=USERNSOPTS
> +

I'd prefer to have this option just map to the libvirt XML name. So --idmap, uid_* and gid_*. Same with the UserNamespace object and its members.

> +If the guest configuration declares a UID or GID mapping,
> +the 'user' namespace will be enabled to apply these.
> +A suitably configured UID/GID mapping is a pre-requisite to
> +make containers secure, in the absence of sVirt confinement.
> +
> +--usens can be sepicified to enable user namespace for LXC containers
> +

--userns can be specified

> +Example:
> + --userns user_start=0,user_target=1000,user_count=10,grp_start=0,grp_target=1000,grp_count=10
> +
> +Use -userns=? to see a list of all available sub options. Complete details at L<http://libvirt.org/formatdomain.html#elementsOSContainer>
> +

Missing a -, should be --userns=?

Also if you wanted to add a libvirt patch, the docs there have a few minor errors:

- needs a space after the comma
- capitalize The at beginning of second sentence
- capitalize 'id'
- container being allowed -> container are allowed

- Cole

_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list
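Review bot: the `Example:` line in the new `=item --userns=USERNSOPTS` block (`--userns user_start=0,user_target=1000,user_count=10,grp_start=0,grp_target=1000,grp_count=10`) is shown without any explanation of its sub-options, even though the paragraph right above it calls a "suitably configured" mapping a prerequisite for container security without sVirt. If these keys follow the libvirt idmap attributes they are modelled on, `*_start` is the first ID inside the container, `*_target` the host ID it maps to and `*_count` the length of the range, so the example maps container UIDs and GIDs 0-9 onto host 1000-1009; a one-line sentence saying so, and noting that container IDs outside the mapped range are not mapped to any host ID, would let a reader judge whether their mapping actually provides the isolation the text promises. The man page text should also spell out that a mapping whose `*_target` is 0 defeats the purpose, since it maps container root back to host root. Separately, the `--userns` and `-userns=?` spellings in this block disagree with each other and with the `--boot=?` form used a few lines above; pick one and use it in all three places.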