user namespace delta over 3.7

Tim Gardner tim.gardner at canonical.com
Thu Nov 15 19:49:56 UTC 2012


On 11/14/2012 01:55 PM, Serge Hallyn wrote:
> Quoting Tim Gardner (tim.gardner at canonical.com):
>> On 11/06/2012 09:36 AM, Serge Hallyn wrote:
>>> Hi,
>>>
>>> the core of user namespace code has landed upstream, however some more
>>> is needed to run full ubuntu containers in a user namespace.  Some of
>>> this will land in 3.8, but probably not all.  Eric's development tree
>>> is at http://git.kernel.org/?p=linux/kernel/git/ebiederm/user-namespace.git;a=summary
>>>
>>> I have pushed that tree on top of a recent raring tree at
>>> git://kernel.ubuntu.com/serge/quantal-userns.git in branch
>>> master.oct25.userns-v70.  It consists of 84 patches (including 5 just
>>> updating under debian/, one by me fix to account for ubuntu delta, and
>>> one not (yet) in Eric's tree to allow tmpfs mounts in a container),
>>> which I can git-email if desired.  The built kernel is in
>>> ppa:serge-hallyn/userns-natty and does allow me to boot a full ubuntu
>>> container in a user namespace - meaning every root owned process and
>>> file is actually owned by userid 100000 on the host and contained.
>>>
>>> I'm sending this now in the hopes that whatever bits don't land in
>>> 3.8 can be pushed onto the raring kernel.  Our goal this cycle is to
>>> support user namespaces, and next cycle to support completely
>>> unprivileged creation and starting of containers.
>>>
>>> -serge
>>>
>>
>> Serge - how about a pull request for a branch that has been rebased
>> on Raring master-next ? I took a quick stab at it and quickly ran
>> into uapi transition conflicts (I think).
> 
> A successfully built kernel is at
> git://kernel.ubuntu.com/serge/quantal-userns.git (branch
> master-next.nov14.userns which should be the default).
> 
> -serge
> 

Serge - Of course I drug my feet on this until after Andy reinstated
overlayfs and aufs. Could you take a stab at resolving the issues with
your patch set on top of Ubuntu-3.7.0-2.8 ? There are a number of
function prototype changes in your patch set that require kuid_t/kgid_t,
etc, and aufs is coded against mainline 3.7. overlayfs is likely to have
the same issues.

rtg
-- 
Tim Gardner tim.gardner at canonical.com




More information about the kernel-team mailing list