user namespace delta over 3.7

Serge Hallyn serge.hallyn at
Mon Nov 19 17:40:50 UTC 2012

Quoting Colin Ian King (colin.king at
> On 19/11/12 17:17, Serge Hallyn wrote:
> >Quoting Colin Ian King (colin.king at
> >>On 14/11/12 20:55, Serge Hallyn wrote:
> >>>Quoting Tim Gardner (tim.gardner at
> >>>>On 11/06/2012 09:36 AM, Serge Hallyn wrote:
> >>>>>Hi,
> >>>>>
> >>>>>the core of user namespace code has landed upstream, however some more
> >>>>>is needed to run full ubuntu containers in a user namespace.  Some of
> >>>>>this will land in 3.8, but probably not all.  Eric's development tree
> >>>>>is at;a=summary
> >>>>>
> >>>>>I have pushed that tree on top of a recent raring tree at
> >>>>>git:// in branch
> >>>>>master.oct25.userns-v70.  It consists of 84 patches (including 5 just
> >>>>>updating under debian/, one by me fix to account for ubuntu delta, and
> >>>>>one not (yet) in Eric's tree to allow tmpfs mounts in a container),
> >>>>>which I can git-email if desired.  The built kernel is in
> >>>>>ppa:serge-hallyn/userns-natty and does allow me to boot a full ubuntu
> >>>>>container in a user namespace - meaning every root owned process and
> >>>>>file is actually owned by userid 100000 on the host and contained.
> >>>>>
> >>>>>I'm sending this now in the hopes that whatever bits don't land in
> >>>>>3.8 can be pushed onto the raring kernel.  Our goal this cycle is to
> >>>>>support user namespaces, and next cycle to support completely
> >>>>>unprivileged creation and starting of containers.
> >>>>>
> >>>>>-serge
> >>>>>
> >>>>
> >>>>Serge - how about a pull request for a branch that has been rebased
> >>>>on Raring master-next ? I took a quick stab at it and quickly ran
> >>>>into uapi transition conflicts (I think).
> >>>
> >>>A successfully built kernel is at
> >>>git:// (branch
> >>>master-next.nov14.userns which should be the default).
> >>>
> >>>-serge
> >>>
> >>
> >>I've got some questions and/or observations about the following commits:
> >>
> >>b3f4f523c8c20f2ca2ac031900f1a252d750ec1d
> >>debian changes to build in ppa
> >>
> >>	..this fiddles around with the skipabi, skipmodules to allow
> >>building in a PPA, but we should not pull that into the raring
> >>kernel.
> >
> >Right :)
> >
> >(Eric has addressed the other questions, I'll let that thread continue
> >there.)
> >
> >Note that Eric has sent a few sets (~40 patches) upstream in the last
> >few days.  At this point I think it's best to wait and see how those
> >fare, then after the next merge into raring (3.8, right?)  I'll re-port
> >the remainder.
> I'd rather see what lands in 3.8 at this stage.

Are you agreeing with what I said, or is there a difference I'm glossing

> >-serge
> >
> BTW, do we have any relevant tests so we can exercise these changes?

There is a usernstest.c in package nsexec in ppa:serge-hallyn/userns-natty,
plus base LTP tests, plus the simple running of ubuntu in a user namespace


More information about the kernel-team mailing list