git.ipfire.org Git - thirdparty/lxc.git/commit

author	Serge Hallyn <serge.hallyn@ubuntu.com>
	Wed, 23 Oct 2013 01:02:57 +0000 (01:02 +0000)
committer	Serge Hallyn <serge.hallyn@ubuntu.com>
	Thu, 24 Oct 2013 17:12:35 +0000 (12:12 -0500)
commit	cf3ef16dc479c102433a82b8ddbb4265d3818cce
tree	a194648310bdf0fd652c5c9010c2be4279d797b9	tree \| snapshot
parent	09bbd74578af3a039325c273a3bd7e54c9c79482	commit \| diff

container creation: support unpriv container creation in user namespaces

1. lxcapi_create: don't try to unshare and mount for dir backed containers

It's unnecessary, and breaks unprivileged lxc-create (since unpriv users
cannot yet unshare(CLONE_NEWNS)).

2. api_create: chown rootfs

chown rootfs to the host uid to which container root will be mapped

3. create: run template in a mapped user ns

4. use (setuid-root) newxidmap to set id_map if we are not root

This is needed to be able to set userns mappings as an unprivileged
user, for unprivileged lxc-start.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

src/lxc/conf.c		diff \| blob \| blame \| history
src/lxc/conf.h		diff \| blob \| blame \| history
src/lxc/lxccontainer.c		diff \| blob \| blame \| history