This patchset tries to add userns support for libvirt lxc. Since userns is nearly completed in linux-3.9 and the old kernel doesn't support userns, I add some new XML elements to let people decide whether to enable userns. Userns is disabled by default.
And because the uninit userns has no right to create devices, we should create devices for the container on the host. This patch also changes the owner of the fuse and tty devices. Cgroupfs is unavailable in userns now, so don't mount cgroupfs when we enable userns.

Gao feng (6):
  LXC: New XML element for user namespace
  LXC: introduce virLXCControllerSetupUserns and lxcContainerSetUserns
  LXC: only mount cgroupfs when userns is disabled
  LXC: Creating devices for container on host side
  LXC: create tty device with proper permission for container
  LXC: fuse: Change files owner to the root user of container

 docs/formatdomain.html.in     |  20 +++++-
 docs/schemas/domaincommon.rng |  36 ++++++++++
 src/conf/domain_conf.c        |  36 ++++++++++
 src/conf/domain_conf.h        |  21 ++++++
 src/lxc/lxc_container.c       | 122 ++++++++++++++++----------------
 src/lxc/lxc_controller.c      | 157 +++++++++++++++++++++++++++++++++++++++++-
 src/lxc/lxc_fuse.c            |   6 ++
 7 files changed, 333 insertions(+), 65 deletions(-)

--
1.7.11.7