[lxc-devel] [lxc/lxc] cf3ef1: container creation: support unpriv container creat...
GitHub
noreply at github.com
Thu Oct 24 17:05:53 UTC 2013
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: cf3ef16dc479c102433a82b8ddbb4265d3818cce
https://github.com/lxc/lxc/commit/cf3ef16dc479c102433a82b8ddbb4265d3818cce
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2013-10-24 (Thu, 24 Oct 2013)
Changed paths:
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/lxccontainer.c
Log Message:
-----------
container creation: support unpriv container creation in user namespaces
1. lxcapi_create: don't try to unshare and mount for dir backed containers
   It's unnecessary, and breaks unprivileged lxc-create (since unpriv users
   cannot yet unshare(CLONE_NEWNS)).
2. api_create: chown rootfs
   chown rootfs to the host uid to which container root will be mapped
3. create: run template in a mapped user ns
4. use (setuid-root) newxidmap to set id_map if we are not root
   This is needed to be able to set userns mappings as an unprivileged
   user, for unprivileged lxc-start.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: c4d10a05c309dcf8b8577c36d641f8943f66cde2
https://github.com/lxc/lxc/commit/c4d10a05c309dcf8b8577c36d641f8943f66cde2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2013-10-24 (Thu, 24 Oct 2013)
Changed paths:
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/lxccontainer.c
M src/lxc/start.c
Log Message:
-----------
fix chowning of tty and console uids
It needs to be done from the handler, not the container, since
the container may not have the rights.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Changelog:
Jul 22: remove hardcoded path for /bin/chown
Jul 22: use new lxc-usernsexec
Conflicts:
src/lxc/lxccontainer.c
Commit: 9e214906db8b351be775901dc4e8fc070bfacf1b
https://github.com/lxc/lxc/commit/9e214906db8b351be775901dc4e8fc070bfacf1b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2013-10-24 (Thu, 24 Oct 2013)
Changed paths:
M templates/lxc-busybox.in
Log Message:
-----------
lxc-busybox: if in userns, don't try to mknod
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: cbef6c52bea93130abd8920c4b4dd1780548ac7b
https://github.com/lxc/lxc/commit/cbef6c52bea93130abd8920c4b4dd1780548ac7b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2013-10-24 (Thu, 24 Oct 2013)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
start: use lxc-user-nic if we are not root
Note this results in nics named things like 'lxcuser-0p'. We'll
likely want to pass the requested name to lxc-user-nic, but let's
do that in a separate patch.
If we're not root, we can't create new network interfaces to pass
into the container. Instead wait until the container is started,
and call lxc-user-nic to create and assign the nics.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/09bbd74578af...cbef6c52bea9