[lxc-devel] [PATCH] lxc-start-ephemeral: Allow unprivileged run
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Feb 12 17:18:41 UTC 2014
Quoting Stéphane Graber (stgraber at ubuntu.com):
> This allows running lxc-start-ephemeral using overlayfs. aufs remains
> blocked as it hasn't been looked at and patched to work in the kernel at
> this point (not sure if it ever wil).
a proper union mount would be more likely.
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/lxc-start-ephemeral.in | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in
> index 62a6194..33c713a 100644
> --- a/src/lxc/lxc-start-ephemeral.in
> +++ b/src/lxc/lxc-start-ephemeral.in
> @@ -105,8 +105,9 @@ args = parser.parse_args()
>
> # Basic requirements check
> ## We only support privileged containers for now
> -if os.geteuid() != 0:
> - parser.error(_("Unprivileged containers aren't supported at this time."))
> +if os.geteuid() != 0 and args.union_type != "overlayfs":
> + parser.error(_("Unprivileged containers may only use "
> + "overlayfs at this time."))
>
> ## Check that -d and CMD aren't used at the same time
> if args.command and args.daemon:
> --
> 1.9.rc1
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
More information about the lxc-devel
mailing list