On 02/09/2014 09:56 PM, Cole Robinson wrote:
On 02/08/2014 12:16 PM, Chen Hanxiao wrote:
From: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
This patch will enable configuring user namespace
for LXC containers, etc.
Some comments below
Signed-off-by: Chen Hanxiao <chenhanxiao@xxxxxxxxxxxxxx>
---
Use --boot=? to see a list of all available sub options. Complete details at L<http://libvirt.org/formatdomain.html#elementsOS>
+=item --userns=USERNSOPTS
+
I'd prefer to have this option just map to the libvirt XML name. So --idmap,
uid_* and gid_*. Same with the UserNamespace object and its members.
How about:
--idmap uid_start=0,uid_target=1000,uid_count=10,XXXX
And I'll rename userns.py to idmap, also with its members.
v2 will come soon.
+If the guest configuration declares a UID or GID mapping,
+the 'user' namespace will be enabled to apply these.
+A suitably configured UID/GID mapping is a pre-requisite to
+make containers secure, in the absence of sVirt confinement.
+
+--usens can be sepicified to enable user namespace for LXC containers
+
--userns can be specified
+Example:
+ --userns user_start=0,user_target=1000,user_count=10,grp_start=0,grp_target=1000,grp_count=10
+
+Use -userns=? to see a list of all available sub options. Complete details at L<http://libvirt.org/formatdomain.html#elementsOSContainer>
+
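Review bot: The example line for --userns maps container id 0 to host id 1000 for both users and groups, and 1000 is the first regular login account on many distributions, so anyone copying it would give container root the identity of an existing host user. A target in an otherwise unused host id range would show the option without that overlap. The added text also never defines start, target and count, and does not mention that a count of 10 leaves every container id above 9 unmapped; one sentence defining the three sub options next to the example would cover that.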
Missing a -, should be --userns=?
Sorry for that.
Also if you wanted to add a libvirt patch, the docs there have a few minor errors:
- needs a space after the comma
- capitalize The at beginning of second sentence
- capitalize 'id'
- container being allowed -> container are allowed
Thanks for your gift:)
- Cole