[lxc-devel] [PATCH] Support unprivileged ephemeral container using aufs

KATOH Yasufumi karma at jazz.email.ne.jp
Thu Jun 25 09:14:04 UTC 2015


As the commit 31a882e, an unprivileged container can use aufs.
This patch removes the check for unpriv aufs, and change the path of
xino file as an unprivileged user can mount aufs.

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
---
 src/lxc/lxc-start-ephemeral.in | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)

diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in
index 7bf336e..ed2dfd1 100644
--- a/src/lxc/lxc-start-ephemeral.in
+++ b/src/lxc/lxc-start-ephemeral.in
@@ -120,12 +120,6 @@ parser.add_argument("--version", action="version", version=lxc.version)
 
 args = parser.parse_args()
 
-# Basic requirements check
-## We only support privileged containers for now
-if os.geteuid() != 0 and args.union_type != "overlayfs":
-    parser.error(_("Unprivileged containers may only use "
-                   "overlayfs at this time."))
-
 ## Check that -d and CMD aren't used at the same time
 if args.command and args.daemon:
     parser.error(_("You can't use -d and a command at the same time."))
@@ -269,7 +263,7 @@ LXC_NAME="%s"
                              entry[0],
                              entry[1]))
         elif args.union_type == "aufs":
-            xino_path = "%s/lxc/aufs.xino" % get_rundir()
+            xino_path = "/dev/shm/aufs.xino"
             if not os.path.exists(os.path.basename(xino_path)):
                 os.makedirs(os.path.basename(xino_path))
 
-- 
2.2.1



More information about the lxc-devel mailing list