[lxc-devel] [PATCH] Support unprivileged ephemeral container using aufs
Serge Hallyn
serge.hallyn at ubuntu.com
Thu Jun 25 13:41:34 UTC 2015
Quoting KATOH Yasufumi (karma at jazz.email.ne.jp):
> As the commit 31a882e, an unprivileged container can use aufs.
> This patch removes the check for unpriv aufs, and change the path of
> xino file as an unprivileged user can mount aufs.
>
> Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> ---
> src/lxc/lxc-start-ephemeral.in | 8 +-------
> 1 file changed, 1 insertion(+), 7 deletions(-)
>
> diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in
> index 7bf336e..ed2dfd1 100644
> --- a/src/lxc/lxc-start-ephemeral.in
> +++ b/src/lxc/lxc-start-ephemeral.in
> @@ -120,12 +120,6 @@ parser.add_argument("--version", action="version", version=lxc.version)
>
> args = parser.parse_args()
>
> -# Basic requirements check
> -## We only support privileged containers for now
> -if os.geteuid() != 0 and args.union_type != "overlayfs":
> - parser.error(_("Unprivileged containers may only use "
> - "overlayfs at this time."))
> -
> ## Check that -d and CMD aren't used at the same time
> if args.command and args.daemon:
> parser.error(_("You can't use -d and a command at the same time."))
> @@ -269,7 +263,7 @@ LXC_NAME="%s"
> entry[0],
> entry[1]))
> elif args.union_type == "aufs":
> - xino_path = "%s/lxc/aufs.xino" % get_rundir()
> + xino_path = "/dev/shm/aufs.xino"
> if not os.path.exists(os.path.basename(xino_path)):
> os.makedirs(os.path.basename(xino_path))
>
> --
> 2.2.1
>
> _______________________________________________
> lxc-devel mailing list
> lxc-devel at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-devel
More information about the lxc-devel
mailing list