[lxc-devel] [lxc/lxc] cf3ef1: container creation: support unpriv container creat...

GitHub noreply at github.com
Thu Oct 24 17:05:53 UTC 2013


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: cf3ef16dc479c102433a82b8ddbb4265d3818cce
      https://github.com/lxc/lxc/commit/cf3ef16dc479c102433a82b8ddbb4265d3818cce
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2013-10-24 (Thu, 24 Oct 2013)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  container creation: support unpriv container creation in user namespaces

1. lxcapi_create: don't try to unshare and mount for dir backed containers

It's unnecessary, and breaks unprivileged lxc-create (since unpriv users
cannot yet unshare(CLONE_NEWNS)).

2. api_create: chown rootfs

chown rootfs to the host uid to which container root will be mapped

3. create: run template in a mapped user ns

4. use (setuid-root) newxidmap to set id_map if we are not root

This is needed to be able to set userns mappings as an unprivileged
user, for unprivileged lxc-start.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: c4d10a05c309dcf8b8577c36d641f8943f66cde2
      https://github.com/lxc/lxc/commit/c4d10a05c309dcf8b8577c36d641f8943f66cde2
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2013-10-24 (Thu, 24 Oct 2013)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/lxccontainer.c
    M src/lxc/start.c

  Log Message:
  -----------
  fix chowning of tty and console uids

It needs to be done from the handler, not the container, since
the container may not have the rights.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>

Changelog:
    Jul 22: remove hardcoded path for /bin/chown
    Jul 22: use new lxc-usernsexec

Conflicts:
	src/lxc/lxccontainer.c


  Commit: 9e214906db8b351be775901dc4e8fc070bfacf1b
      https://github.com/lxc/lxc/commit/9e214906db8b351be775901dc4e8fc070bfacf1b
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2013-10-24 (Thu, 24 Oct 2013)

  Changed paths:
    M templates/lxc-busybox.in

  Log Message:
  -----------
  lxc-busybox: if in userns, don't try to mknod

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: cbef6c52bea93130abd8920c4b4dd1780548ac7b
      https://github.com/lxc/lxc/commit/cbef6c52bea93130abd8920c4b4dd1780548ac7b
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2013-10-24 (Thu, 24 Oct 2013)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  start: use lxc-user-nic if we are not root

Note this results in nics named things like 'lxcuser-0p'.  We'll
likely want to pass the requested name to lxc-user-nic, but let's
do that in a separate patch.

If we're not root, we can't create new network interfaces to pass
into the container.  Instead wait until the container is started,
and call lxc-user-nic to create and assign the nics.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/09bbd74578af...cbef6c52bea9
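An added example, not lxc's own code, showing the id-map lookup that step 2 of the first commit depends on: given the container's uid/gid mapping, compute the host uid that container root is mapped to, which is the owner the rootfs has to be chowned to so that the mapped root can write it. The "lxc.id_map = u 0 100000 65536" line format and the sample mapping are assumptions, not values from the page.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* One id-map entry: "<u|g> <container start> <host start> <range>". */
struct id_map {
    char type;            /* 'u' for uid map, 'g' for gid map */
    unsigned long nsid;   /* first id inside the container */
    unsigned long hostid; /* host id that nsid maps to */
    unsigned long range;  /* number of ids covered by the entry */
};

/* Parse an "lxc.id_map = u 0 100000 65536" line (assumed format).
 * Returns 0 on success, -1 on malformed input. */
int parse_id_map(const char *line, struct id_map *m)
{
    char type;
    const char *p = strchr(line, '=');
    p = p ? p + 1 : line;
    if (sscanf(p, " %c %lu %lu %lu", &type, &m->nsid, &m->hostid, &m->range) != 4)
        return -1;
    if (type != 'u' && type != 'g')
        return -1;
    m->type = type;
    return 0;
}

/* Translate a container id to the host id it maps to; -1 if the id is
 * outside every mapped range (such ids show up as nobody/nogroup). */
long ns_to_host(const struct id_map *maps, size_t n, char type, unsigned long id)
{
    for (size_t i = 0; i < n; i++) {
        if (maps[i].type != type)
            continue;
        if (id >= maps[i].nsid && id - maps[i].nsid < maps[i].range)
            return (long)(maps[i].hostid + (id - maps[i].nsid));
    }
    return -1;
}

/* Constructed sample config: container ids 0-65535 map to host 100000-165535. */
static const char *sample_cfg[] = {
    "lxc.id_map = u 0 100000 65536",
    "lxc.id_map = g 0 100000 65536",
};

/* Host uid of container root, i.e. what the rootfs must be chowned to. */
long rootfs_owner_uid(void)
{
    struct id_map maps[2];
    for (size_t i = 0; i < 2; i++)
        if (parse_id_map(sample_cfg[i], &maps[i]) != 0)
            return -1;
    return ns_to_host(maps, 2, 'u', 0);
}
```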

