[lxc-devel] [PATCH 3/8] container creation: support unpriv container creation in user namespaces

Stéphane Graber stgraber at ubuntu.com
Tue Jul 23 08:41:48 UTC 2013


On Mon, Jul 22, 2013 at 10:58:30AM -0500, Serge Hallyn wrote:
> Quoting Serge Hallyn (serge.hallyn at ubuntu.com):
> > > May be worth having autoconf figure out the paths for those as they very
> > > well may be moved to /bin.
> > 
> > Yeah, these should be done through autoconf.
> > 
> > Well, or we could use execvp as below.
> > 
> > As for usernsexec, we first need to figure out what program we actually
> > want to use.
> > 
> > Do we want to ship usernsexec.c with lxc, or do we want to push
> > something into coreutils that serves our purpose?
> > 
> > Normally I'd prefer the latter, but coreutils in ubuntu seems to be
> > lagging - and upstream hasn't done a release lately - so I didn't
> > want to deal with it right now.
> 
> I'm going to add a patch to create lxc-usernsexec and use that
> for now, and I'll use execvp instead of hard-coding the paths.
> 
> I'll add an autoconf check for the newuidmap binary, and refuse
> attempts at unprivileged container creation if those are not
> available.
> 
> (And I'll switch to use XDG_RUNTIME_DIR if geteuid() != 0)
> 
> thanks,
> -serge

Perfect, thanks!

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com