user namespace delta over 3.7

Serge Hallyn serge.hallyn at canonical.com
Fri Nov 9 13:47:24 UTC 2012


Quoting Tim Gardner (tim.gardner at canonical.com):
> On 11/06/2012 09:36 AM, Serge Hallyn wrote:
> >Hi,
> >
> >the core of user namespace code has landed upstream, however some more
> >is needed to run full ubuntu containers in a user namespace.  Some of
> >this will land in 3.8, but probably not all.  Eric's development tree
> >is at http://git.kernel.org/?p=linux/kernel/git/ebiederm/user-namespace.git;a=summary
> >
> >I have pushed that tree on top of a recent raring tree at
> >git://kernel.ubuntu.com/serge/quantal-userns.git in branch
> >master.oct25.userns-v70.  It consists of 84 patches (including 5 just
> >updating under debian/, one fix by me to account for ubuntu delta, and
> >one not (yet) in Eric's tree to allow tmpfs mounts in a container),
> >which I can git-email if desired.  The built kernel is in
> >ppa:serge-hallyn/userns-natty and does allow me to boot a full ubuntu
> >container in a user namespace - meaning every root owned process and
> >file is actually owned by userid 100000 on the host and contained.
> >
> >I'm sending this now in the hopes that whatever bits don't land in
> >3.8 can be pushed onto the raring kernel.  Our goal this cycle is to
> >support user namespaces, and next cycle to support completely
> >unprivileged creation and starting of containers.
> >
> >-serge
> >
> 
> Serge - how about a pull request for a branch that has been rebased
> on Raring master-next? I took a quick stab at it and quickly ran
> into uapi transition conflicts (I think).

Ok - I'll aim to do that early next week.

> We're happy to carry namespace patches until we see what shakes out
> in the 3.8 merge, but I expect support in the meantime if there are
> problems. If they block development progress for non-kernel devs
> then I'll have to rip them out (according to the "don't break the
> archive" philosophy).

Sounds great, thanks!

> Of course I know you're working hard to get your crack upstream so
> as to minimise the final 3.8 delta. I assume the bulk of these
> patches are already in linux-next?

Eric is pushing them in through various trees, and I don't know how
many of those feed into linux-next - but I don't think many of these
are in yet.  He was going to focus on the netns and pidns patches
first (hopefully getting us setns() for all namespaces).

-serge
