git.ipfire.org Git - thirdparty/lxc.git/commit

author	Serge Hallyn <serge.hallyn@ubuntu.com>
	Fri, 9 Aug 2013 19:48:35 +0000 (14:48 -0500)
committer	Serge Hallyn <serge.hallyn@ubuntu.com>
	Wed, 14 Aug 2013 15:50:37 +0000 (10:50 -0500)
commit	20ab58c777136a449b3199e0733b62fa87ecfa61
tree	e7822c7020fd2fa404ae0d798e288cb32e5b9432	tree \| snapshot
parent	3fb18be95747034bf36f46be11b0eb288b2ec1b4	commit \| diff

add lxc-user-nic

It is meant to be run setuid-root to allow unprivileged users to
tunnel veths from a host bridge to their containers.  The program
looks at /etc/lxc/lxc-usernet which has entries of the form

user type bridge number

The type currently must be veth.  Whenver lxc-user-nic creates a
nic for a user, it records it in /var/lib/lxc/nics (better location
is needed).  That way when a container dies lxc-user-nic can cull
the dead nic from the list.

The -DISTEST allows lxc-user-nic to be compiled so that it uses
files under /tmp and doesn't actually create the nic, so that
unprivileged users can compile and test the code.  lxc-test-usernic
is a script which runs a few tests using lxc-usernic-test, which
is a version of lxc-user-nic compiled with -DISTEST.

The next step, after issues with this code are raised and addressed,
is to have lxc-start, when running unprivileged, call out to
lxc-user-nic (will have to exec so that setuid-root is honored).
On top of my previous unprivileged-creation patchset, that should
allow unprivileged users to create and start useful containers.

Also update .gitignore.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

.gitignore		diff \| blob \| blame \| history
src/lxc/Makefile.am		diff \| blob \| blame \| history
src/lxc/lxc_clone.c		diff \| blob \| blame \| history
src/lxc/lxc_user_nic.c	[new file with mode: 0644]	blob
src/tests/Makefile.am		diff \| blob \| blame \| history
src/tests/lxc-test-usernic	[new file with mode: 0755]	blob