[lxc-devel] namespaces and lxc

Andy Johnson johnsonzjo at gmail.com
Fri Apr 19 14:54:18 UTC 2013


Hello,
Thanks a lot for your very detailed answer and quick response!

Best,
Andy



On Fri, Apr 19, 2013 at 5:18 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:

> Quoting Andy Johnson (johnsonzjo at gmail.com):
> > Hello,
> >
> > Question about namespaces and lxc:
> >
> > I see that there is a tool named lxc-unshare, which is (according to
> > https://help.ubuntu.com/12.04/serverguide/lxc.html) for
> > testing and in fact calls the clone() syscall (via lxc_clone())
> > and not via the unshare() syscall.
>
> lxc-unshare will be deprecated soon, as there is a 'unshare' command
> in util-linux.
>
> > While looking in the code for namespaces usage, I saw that in
> > lxc_attach_to_ns()
> > there is a call to setns(). But I am not sure as to whether this is used.
>
> clone and unshare create new namespaces.  setns() attaches to an
> existing namespace.
>
> > Usage of cgroups in lxc is known.
> >
> > Regarding namespaces: does lxc support all six namespaces? Are there
> > examples
> >  of *.conf file/links for using namespaces?
>
> All namespaces are used.  uts, pid, ipc and mounts are always unshared.
> netns is not unshared if you don't specify any 'lxc.network.type' in
> your .conf.  user is not unshared if you don't list any lxc.id_map
> entries.  Both are described in the lxc.conf(5) man page.
>
> > Is there support for user
> > namespace?
>
> Very basic support - for creating a mapped user namespace when starting
> as the root user - is there.  More advanced support for user namespace
> is in the works.  In particular we want unprivileged users to be able
> to create and start containers in user namespaces, but there is work
> left to be done.
>
>
> http://s3hh.wordpress.com/2012/10/31/full-ubuntu-container-confined-in-a-user-namespace/
> http://s3hh.wordpress.com/2013/03/07/experimenting-with-user-namespaces/
> http://s3hh.wordpress.com/2013/02/12/user-namespaces-lxc-meeting/
>
> The last link in particular leads to some discussion of where we want
> to go and what's left to do.
>
> -serge
>
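
The rules given in the quoted reply for which namespaces get unshared, turned into a config-versus-runtime isolation check. This is an added example, not part of the original thread or of LXC's code; the function names, sample config and namespace identifiers are constructed, and treating `lxc.network.type = none` as shared follows later lxc.container.conf(5) rather than the thread.

```python
import os

ALL_NS = ("uts", "pid", "ipc", "mnt", "net", "user")
ALWAYS_UNSHARED = {"uts", "pid", "ipc", "mnt"}  # per the reply above

def parse_lxc_conf(text):
    """Parse 'key = value' lines; '#' starts a comment line. Keys may repeat."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        conf.setdefault(key, []).append(value)
    return conf

def expected_unshared(conf_text):
    """Namespaces the container should get for itself, given its config."""
    conf = parse_lxc_conf(conf_text)
    ns = set(ALWAYS_UNSHARED)
    # Later lxc.container.conf(5) documents type 'none' as sharing the host netns.
    if any(t != "none" for t in conf.get("lxc.network.type", [])):
        ns.add("net")
    if conf.get("lxc.id_map"):
        ns.add("user")
    return ns

def read_ns_links(pid):
    """Map namespace name -> identifier such as 'net:[4026531956]' for a live PID."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(f"{base}/{n}") for n in os.listdir(base) if n in ALL_NS}

def audit(conf_text, host_links, ct_links):
    """Return (shared_by_config, mismatches). A mismatch is a namespace the
    config should make private but whose identifier equals the host's."""
    want = expected_unshared(conf_text)
    shared = sorted(set(ALL_NS) - want)
    mismatches = sorted(n for n in want
                        if n in ct_links and ct_links[n] == host_links.get(n))
    return shared, mismatches

# Constructed sample data: veth networking, no lxc.id_map entries.
SAMPLE_CONF = "lxc.utsname = web1\nlxc.network.type = veth\nlxc.network.link = lxcbr0\n"
HOST = {n: f"{n}:[{4026531835 + i}]" for i, n in enumerate(ALL_NS)}
# The container's net and user identifiers are left equal to the host's.
CT = dict(HOST, uts="uts:[4026532101]", pid="pid:[4026532102]",
          ipc="ipc:[4026532103]", mnt="mnt:[4026532104]")

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, HOST, CT))
```

On a live host, `read_ns_links(1)` and `read_ns_links(<container init PID>)` supply the two maps; reading another process's `/proc/<pid>/ns` links normally requires root.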