>>> On Fri, 24 Apr 2015 15:51:30 +0000 in message "Re: [lxc-devel] [RFC] Unprivileged aufs container" Serge Hallyn-san wrote:
> Quoting KATOH Yasufumi (ka...@jazz.email.ne.jp):
> > Hi,
> >
> > Current aufs supports FS_USERNS_MOUNT by using module parameter
> > 'allow_userns'. So we can start an unprivileged container using
> > aufs. (But Ubuntu kernel does not support it?)
> >
> > https://github.com/sfjro/aufs3-linux/commit/548fa48dbf52ad80e55deb8ca945c4f7814dbf94
> >
> > How about supporting an unprivileged aufs container?
> >
> > I tried creating the patch. (but I have not done enough testing.)
> >
> > This moves the place of xino file to /dev/shm, because get_rundir
> > always returns '/run' when mounting aufs, so unpriv container can't
> > write. This idea is from
> > docker(https://github.com/docker/docker/pull/826).

> What if root starts a container, creates root-owned /dev/shm/lxc,
> and then unpriv user tries to start a container?

Oops! It's my mistake. I will re-send the patch. (and do more testing)

Thanks!

(snip)

_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel