patchset to enable user namespaces
Serge Hallyn
serge.hallyn at ubuntu.com
Wed Sep 25 23:04:51 UTC 2013
Quoting Andy Whitcroft (apw at canonical.com):
> On Mon, Sep 23, 2013 at 05:08:26PM -0500, Serge Hallyn wrote:
> > Hi,
> >
> > The final patches needed to resolve conflicts between XFS and user
> > namespaces are in 3.12. I've backported them to saucy at
> >
> > http://kernel.ubuntu.com/git?p=serge/ubuntu-saucy.git;a=summary # m.sep23.xfs2
> >
> > This has 7 patches cherrypicked from Linus' tree, one patch by
> > myself to add a sysctl, default off, to enable unprivileged use
> > of CLONE_NEWUSER, and a packaging patch to set CONFIG_USER_NS=y.
>
> These are pretty big patches to be bringing so late to the party. I am
> particularly concerned that you have missed the beta deadline so we will
> be shovelling this into the kernel after the majority of the testing has
> been completed.
>
> I assume we need these XFS patches because you cannot enable USER_NS at
> all without disabling XFS en-toto, an obvious no-no. What feature does
> this new code enable which would be lost if we don't have them.
>
> On the unpriveleged setup, I presume we are saying upstream will allow
> it by default, it is just us who are adding this possible cut off if
> there are issues?
>
> As this heavily affects xfs what testing has been done there with your
> patches to confirm basic xfs operation after they are applied. It not
Just creating and running containers on an XFS filesystem. Installing
packages, building lxc - working the fs hard but not in imaginative
ways. For future reference is there any particular test you use
nowadays?
-serge
More information about the kernel-team
mailing list