user namespace delta over 3.7
Serge Hallyn
serge.hallyn at canonical.com
Mon Nov 19 17:17:41 UTC 2012
Quoting Colin Ian King (colin.king at canonical.com):
> On 14/11/12 20:55, Serge Hallyn wrote:
> >Quoting Tim Gardner (tim.gardner at canonical.com):
> >>On 11/06/2012 09:36 AM, Serge Hallyn wrote:
> >>>Hi,
> >>>
> >>>the core of user namespace code has landed upstream, however some more
> >>>is needed to run full ubuntu containers in a user namespace. Some of
> >>>this will land in 3.8, but probably not all. Eric's development tree
> >>>is at http://git.kernel.org/?p=linux/kernel/git/ebiederm/user-namespace.git;a=summary
> >>>
> >>>I have pushed that tree on top of a recent raring tree at
> >>>git://kernel.ubuntu.com/serge/quantal-userns.git in branch
> >>>master.oct25.userns-v70. It consists of 84 patches (including 5 just
> >>>updating under debian/, one by me fix to account for ubuntu delta, and
> >>>one not (yet) in Eric's tree to allow tmpfs mounts in a container),
> >>>which I can git-email if desired. The built kernel is in
> >>>ppa:serge-hallyn/userns-natty and does allow me to boot a full ubuntu
> >>>container in a user namespace - meaning every root owned process and
> >>>file is actually owned by userid 100000 on the host and contained.
> >>>
> >>>I'm sending this now in the hopes that whatever bits don't land in
> >>>3.8 can be pushed onto the raring kernel. Our goal this cycle is to
> >>>support user namespaces, and next cycle to support completely
> >>>unprivileged creation and starting of containers.
> >>>
> >>>-serge
> >>>
> >>
> >>Serge - how about a pull request for a branch that has been rebased
> >>on Raring master-next ? I took a quick stab at it and quickly ran
> >>into uapi transition conflicts (I think).
> >
> >A successfully built kernel is at
> >git://kernel.ubuntu.com/serge/quantal-userns.git (branch
> >master-next.nov14.userns which should be the default).
> >
> >-serge
> >
>
> I've got some questions and/or observations about the following commits:
>
> b3f4f523c8c20f2ca2ac031900f1a252d750ec1d
> debian changes to build in ppa
>
> ..this fiddles around with the skipabi, skipmodules to allow
> building in a PPA, but we should not pull that into the raring
> kernel.
Right :)
(Eric has addressed the other questions, I'll let that thread continue
there.)
Note that Eric has sent a few sets (~40 patches) upstream in the last
few days. At this point I think it's best to wait and see how those
fare, then after the next merge into raring (3.8, right?) I'll re-port
the remainder.
-serge
More information about the kernel-team
mailing list