[lxc-devel] [PATCH 3/8] container creation: support unpriv container creation in user namespaces

Serge Hallyn serge.hallyn at ubuntu.com
Mon Jul 22 15:58:30 UTC 2013


Quoting Serge Hallyn (serge.hallyn at ubuntu.com):
> > May be worth having autoconf figure out the paths for those as they very
> > well may be moved to /bin.
> 
> Yeah, these should be done through autoconf.
> 
> Well, or we could use execvp as below.
> 
> As for usernsexec, we first need to figure out what program we actually
> want to use.
> 
> Do we want to ship usernsexec.c with lxc, or do we want to push
> something into coreutils that serves our purpose?
> 
> Normally I'd prefer the latter, but coreutils in ubuntu seems to be
> lagging - and upstream hasn't done a release lately - so I didn't
> want to deal with it right now.

I'm going to add a patch to create lxc-usernsexec and use that
for now, and I'll use execvp instead of hard-coding the paths.

I'll add an autoconf check for the newuidmap binary, and refuse
attempts at unprivileged container creation if those are not
available.

(And I'll switch to use XDG_RUNTIME_DIR if geteuid() != 0)

thanks,
-serge
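Added example (not LXC's code, not part of this patch series): a C sketch of the three points in the reply above. It resolves newuidmap/newgidmap through PATH the way execvp(3) does instead of hard-coding /usr/bin, picks a subdirectory of XDG_RUNTIME_DIR when geteuid() != 0, and refuses unprivileged creation when either the helpers or a private runtime directory is missing. The /run/lxc system path, the function names, and the sample "0 100000 65536" mapping are assumptions of the example; /bin/true stands in for newuidmap so the exec path can be exercised without the setuid helper installed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Search a colon-separated PATH for an executable named `name`, the same
 * lookup execvp(3) performs, so a helper in /bin or /usr/bin is found
 * either way.  Names containing '/' are checked as given. */
int helper_in_path(const char *name, const char *path)
{
	char buf[4096];
	const char *p = path;

	if (strchr(name, '/'))
		return access(name, X_OK) == 0;
	if (!path || !*path)
		return 0;
	for (;;) {
		const char *end = strchr(p, ':');
		size_t len = end ? (size_t)(end - p) : strlen(p);
		/* an empty element means the current directory, as in execvp */
		int n = snprintf(buf, sizeof buf, "%.*s%s%s",
				 (int)len, p, len ? "/" : "", name);
		if (n > 0 && (size_t)n < sizeof buf && access(buf, X_OK) == 0)
			return 1;
		if (!end)
			return 0;
		p = end + 1;
	}
}

/* Root keeps the system runtime directory ("/run/lxc" is an assumption);
 * an unprivileged user gets a subdirectory of XDG_RUNTIME_DIR, which is
 * per-user, tmpfs-backed and mode 0700.  Without an absolute
 * XDG_RUNTIME_DIR we return -1 rather than fall back to a shared /tmp,
 * where another user could pre-create or symlink the path. */
int choose_runtime_dir(uid_t euid, const char *xdg, char *out, size_t outlen)
{
	int n;

	if (euid == 0)
		n = snprintf(out, outlen, "/run/lxc");
	else if (xdg && xdg[0] == '/')
		n = snprintf(out, outlen, "%s/lxc", xdg);
	else
		return -1;
	return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

/* The refusal described in the mail: unprivileged creation needs both
 * setuid helpers reachable through PATH and a private runtime directory. */
int unpriv_creation_allowed(uid_t euid, const char *path, const char *xdg)
{
	char dir[4096];

	if (euid == 0)
		return 1;
	return helper_in_path("newuidmap", path) &&
	       helper_in_path("newgidmap", path) &&
	       choose_runtime_dir(euid, xdg, dir, sizeof dir) == 0;
}

/* Run newuidmap/newgidmap (or any helper) for `pid` via execvp, so the
 * binary is resolved from PATH instead of a hard-coded /usr/bin path.
 * `fields` are the "inside outside count" triples, already split.
 * Returns the helper's exit status, 127 if exec fails, -1 on bad input. */
int run_map_helper(const char *helper, pid_t pid,
		   const char *const *fields, size_t nfields)
{
	char pidstr[32];
	const char *argv[64];
	size_t argc = 0;
	pid_t child;
	int status;

	if (nfields % 3 || nfields + 3 > sizeof argv / sizeof argv[0])
		return -1;
	snprintf(pidstr, sizeof pidstr, "%ld", (long)pid);
	argv[argc++] = helper;
	argv[argc++] = pidstr;
	for (size_t i = 0; i < nfields; i++)
		argv[argc++] = fields[i];
	argv[argc] = NULL;

	child = fork();
	if (child < 0)
		return -1;
	if (child == 0) {
		execvp(helper, (char *const *)argv);
		_exit(127);	/* helper missing or not executable */
	}
	if (waitpid(child, &status, 0) < 0)
		return -1;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
	/* constructed sample mapping: container uid 0..65535 -> host 100000.. */
	const char *fields[] = { "0", "100000", "65536" };
	char dir[256];

	printf("unprivileged creation allowed: %d\n",
	       unpriv_creation_allowed(geteuid(), getenv("PATH"),
				       getenv("XDG_RUNTIME_DIR")));
	if (choose_runtime_dir(geteuid(), getenv("XDG_RUNTIME_DIR"),
			       dir, sizeof dir) == 0)
		printf("runtime dir: %s\n", dir);
	printf("helper exit status: %d\n",
	       run_map_helper("true", getpid(), fields, 3));
	return 0;
}
```

newuidmap and newgidmap are setuid-root and consult /etc/subuid and /etc/subgid, which is what lets an unprivileged user write a map covering more than its own uid; a build-time autoconf check only proves the helpers existed on the build host, so the run-time PATH check above is still worth keeping.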