<div dir="ltr"><div style><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px">Hello,</span></div><div style><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px">I read your posts, thanks a lot for the good and detailed info and examples.</span></div>
<div style><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px"><br></span></div><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px">>When a new user namespace is created, the task populating it starts >as userid -1, nobody.</span><br>
<div><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px"><br></span></div><div style><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px">I don't understand something: why nobody is userid -1 ? </span></div>
<div style><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px">On fedora 18 we have:</span></div><div style><div><font color="#333333" face="Georgia, Bitstream Charter, serif" size="3"><span style="line-height:24px">cat /etc/passwd | grep nobody</span></font></div>
<div><font color="#333333" face="Georgia, Bitstream Charter, serif" size="3"><span style="line-height:24px">nobody:x:99:99:Nobody:/:/sbin/nologin</span></font></div><div><font color="#333333" face="Georgia, Bitstream Charter, serif" size="3"><span style="line-height:24px">nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin</span></font></div>
<div><br></div><div style>Now it seems to me that userid of nobody is 99 here, according to this doc about /etc/passwd format:</div><div style><a href="http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/">http://www.cyberciti.biz/faq/understanding-etcpasswd-file-format/</a><br>
</div><div style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px"><br></div><div style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px">
regards,</div><div style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px">Andy</div><div style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px">
<br></div></div><div style><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px"><br></span></div><div style><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px"><br>
</span></div><div><span style="color:rgb(51,51,51);font-family:Georgia,'Bitstream Charter',serif;font-size:16px;line-height:24px"><br></span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Apr 19, 2013 at 5:54 PM, Andy Johnson <span dir="ltr"><<a href="mailto:johnsonzjo@gmail.com" target="_blank">johnsonzjo@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div>Thanks a lot for your very detailed answer and quick response!</div><div><br></div><div>Best,</div>
<div>Andy</div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br>
<div class="gmail_quote">On Fri, Apr 19, 2013 at 5:18 PM, Serge Hallyn <span dir="ltr"><<a href="mailto:serge.hallyn@ubuntu.com" target="_blank">serge.hallyn@ubuntu.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>Quoting Andy Johnson (<a href="mailto:johnsonzjo@gmail.com" target="_blank">johnsonzjo@gmail.com</a>):<br>
> Hello,<br>
><br>
> Question about namespaces and lxc:<br>
><br>
> I see that there is a tool named lxc-unshare, which is (according to<br>
> <a href="https://help.ubuntu.com/12.04/serverguide/lxc.html" target="_blank">https://help.ubuntu.com/12.04/serverguide/lxc.html</a>) for<br>
> testing and in fact calls the clone() syscall (via lxc_clone())<br>
> and not via the unshare() syscall.<br>
<br>
</div>lxc-unshare will be deprecated soon, as there is a 'unshare' command<br>
in util-linux.<br>
<div><br>
> While looking in the code for namespaces usage, I saw that in<br>
> lxc_attach_to_ns()<br>
> there is a call to setns(). But I am not sure as to whether this is used.<br>
<br>
</div>clone and unshare create new namespaces. setns() attaches to an<br>
existing namespace.<br>
<div><br>
> Usage of cgroups in lxc is known.<br>
><br>
> Regarding namesapces: does lxc support all six namesapaces ? are there<br>
> examples<br>
> of *.conf file/links for using namespaces ?<br>
<br>
</div>All namespaces are used. uts, pid, ipc and mounts are always unshared.<br>
netns is not unshared if you don't specify any 'lxc.network.type' in<br>
your .conf. user is not unshared if you don't list any lxc.id_map<br>
entries. Both are described in the lxc.conf(5) man page.<br>
<div><br>
> is there support for user<br>
> namespace ?<br>
<br>
</div>Very basic support - for creating a mapped user namespace when starting<br>
as the root user - is there. More advanced support for user namespace<br>
is in the works. In particular we want unprivileged users to be able<br>
to create and start containers in user namespaces, but there is work<br>
left to be done.<br>
<br>
<a href="http://s3hh.wordpress.com/2012/10/31/full-ubuntu-container-confined-in-a-user-namespace/" target="_blank">http://s3hh.wordpress.com/2012/10/31/full-ubuntu-container-confined-in-a-user-namespace/</a><br>
<a href="http://s3hh.wordpress.com/2013/03/07/experimenting-with-user-namespaces/" target="_blank">http://s3hh.wordpress.com/2013/03/07/experimenting-with-user-namespaces/</a><br>
<a href="http://s3hh.wordpress.com/2013/02/12/user-namespaces-lxc-meeting/" target="_blank">http://s3hh.wordpress.com/2013/02/12/user-namespaces-lxc-meeting/</a><br>
<br>
The last link in particular leads to some discussion of where we want<br>
to go and what's left to do.<br>
<span><font color="#888888"><br>
-serge<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div>