Add support for configuring UID/GID mappings on individual container
mount points without affecting the global container mapping.

A new "idmap" mount point option accepts space-separated mappings:
```
idmap=type:ct:host:len type:ct:host:len ...
```

* type: can be either 'u' or 'g'
* ct: ID as seen inside the container
* host: corresponding ID on the host
* len: number of consecutive IDs to map

Unmapped ranges inherit the container's ID mapping.

Example to pass through the host UID & GID 1005:
```
mp0: /mnt/data,mp=/data,idmap=u:1005:1005:1 g:1005:1005:1
```

This allows, for example, passing through a directory owned by a
specific user on the host to a specific user inside the container,
without changing the ownership on the host or configuring an ID mapping
for the entire container.

Build/Bump order:
* pve-common
* pve-container
* pve-manager

pve-common:

Filip Schauer (3):
  tools: export O_CLOEXEC constant
  syscall: add missing mount attribute constants
  tools: add mount_setattr syscall

 src/PVE/Syscall.pm |  3 +++
 src/PVE/Tools.pm   | 10 ++++++++++
 2 files changed, 13 insertions(+)


pve-container:

Filip Schauer (4):
  namespaces: relax prototype of run_in_userns
  namespaces: refactor run_in_userns
  namespaces: add helper to create user namespace from idmap
  implement per-mountpoint uid/gid mapping

 src/PVE/LXC.pm            | 85 ++++++++++++++++++++++++++++++++++++++-
 src/PVE/LXC/Config.pm     |  7 ++++
 src/PVE/LXC/Namespaces.pm | 63 ++++++++++++++++++++++++-----
 src/lxc-pve-prestart-hook | 14 +++++++
 4 files changed, 157 insertions(+), 12 deletions(-)


pve-manager:

Filip Schauer (1):
  ui: lxc/MPEdit: add "idmap" option

 www/manager6/lxc/MPEdit.js | 203 +++++++++++++++++++++++++++++++++++++
 1 file changed, 203 insertions(+)


Summary over all repositories:
  7 files changed, 373 insertions(+), 12 deletions(-)

-- 
Generated by git-murpp 0.6.0
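The `idmap` format and the inheritance rule described in the cover letter, as an added Python example that is not code from this patch series or from pve-container. The names `parse_idmap` and `host_id`, the overlap checks, and the container-wide mapping of IDs 0-65535 to 100000 and up are assumptions made for illustration.

```python
import re
from typing import NamedTuple

class IdMap(NamedTuple):
    kind: str    # 'u' or 'g'
    ct: int      # first ID as seen inside the container
    host: int    # corresponding first ID on the host
    length: int  # number of consecutive IDs to map

ENTRY = re.compile(r"([ug]):(\d+):(\d+):(\d+)")

# Assumed container-wide mapping (not from the cover letter): 0-65535 -> 100000+.
CONTAINER_MAP = [IdMap("u", 0, 100000, 65536), IdMap("g", 0, 100000, 65536)]

def parse_idmap(value):
    """Parse 'type:ct:host:len ...'; reject malformed or overlapping entries."""
    entries = []
    for token in value.split():
        m = ENTRY.fullmatch(token)
        if not m:
            raise ValueError(f"malformed idmap entry: {token!r}")
        e = IdMap(m[1], int(m[2]), int(m[3]), int(m[4]))
        if e.length < 1:
            raise ValueError(f"zero-length range: {token!r}")
        for o in entries:
            if o.kind != e.kind:
                continue
            # An overlap on either side makes the translation ambiguous
            # (this check is the example's own, assumed policy).
            if (e.ct < o.ct + o.length and o.ct < e.ct + e.length) or \
               (e.host < o.host + o.length and o.host < e.host + e.length):
                raise ValueError(f"overlapping ranges: {token!r}")
        entries.append(e)
    return entries

def host_id(kind, ct_id, mount_map, container_map=CONTAINER_MAP):
    """Translate a container ID to the host ID used on this mount point.

    Mount point entries take precedence; unmapped IDs inherit the
    container mapping. Returns None if the ID is mapped nowhere.
    """
    for table in (mount_map, container_map):
        for e in table:
            if e.kind == kind and e.ct <= ct_id < e.ct + e.length:
                return e.host + (ct_id - e.ct)
    return None

# The idmap value from the mp0 example in the cover letter.
MP0 = parse_idmap("u:1005:1005:1 g:1005:1005:1")
```

Running `host_id` over the IDs that own files under a mount point shows which host IDs the container can act as there, which is the thing to review before approving an `idmap` entry.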


