user namespace delta over 3.7
Colin Ian King
colin.king at canonical.com
Mon Nov 19 17:22:50 UTC 2012
On 19/11/12 17:17, Serge Hallyn wrote:
> Quoting Colin Ian King (colin.king at canonical.com):
>> On 14/11/12 20:55, Serge Hallyn wrote:
>>> Quoting Tim Gardner (tim.gardner at canonical.com):
>>>> On 11/06/2012 09:36 AM, Serge Hallyn wrote:
>>>>> Hi,
>>>>>
>>>>> the core of user namespace code has landed upstream, however some more
>>>>> is needed to run full ubuntu containers in a user namespace. Some of
>>>>> this will land in 3.8, but probably not all. Eric's development tree
>>>>> is at http://git.kernel.org/?p=linux/kernel/git/ebiederm/user-namespace.git;a=summary
>>>>>
>>>>> I have pushed that tree on top of a recent raring tree at
>>>>> git://kernel.ubuntu.com/serge/quantal-userns.git in branch
>>>>> master.oct25.userns-v70. It consists of 84 patches (including 5 just
>>>>> updating under debian/, one fix by me to account for ubuntu delta, and
>>>>> one not (yet) in Eric's tree to allow tmpfs mounts in a container),
>>>>> which I can git-email if desired. The built kernel is in
>>>>> ppa:serge-hallyn/userns-natty and does allow me to boot a full ubuntu
>>>>> container in a user namespace - meaning every root owned process and
>>>>> file is actually owned by userid 100000 on the host and contained.
>>>>>
>>>>> I'm sending this now in the hopes that whatever bits don't land in
>>>>> 3.8 can be pushed onto the raring kernel. Our goal this cycle is to
>>>>> support user namespaces, and next cycle to support completely
>>>>> unprivileged creation and starting of containers.
>>>>>
>>>>> -serge
>>>>>
>>>>
>>>> Serge - how about a pull request for a branch that has been rebased
>>>> on Raring master-next ? I took a quick stab at it and quickly ran
>>>> into uapi transition conflicts (I think).
>>>
>>> A successfully built kernel is at
>>> git://kernel.ubuntu.com/serge/quantal-userns.git (branch
>>> master-next.nov14.userns which should be the default).
>>>
>>> -serge
>>>
>>
>> I've got some questions and/or observations about the following commits:
>>
>> b3f4f523c8c20f2ca2ac031900f1a252d750ec1d
>> debian changes to build in ppa
>>
>> ..this fiddles around with the skipabi, skipmodules to allow
>> building in a PPA, but we should not pull that into the raring
>> kernel.
>
> Right :)
>
> (Eric has addressed the other questions, I'll let that thread continue
> there.)
>
> Note that Eric has sent a few sets (~40 patches) upstream in the last
> few days. At this point I think it's best to wait and see how those
> fare, then after the next merge into raring (3.8, right?) I'll re-port
> the remainder.

I'd rather see what lands in 3.8 at this stage.

>
> -serge
>

BTW, do we have any relevant tests so we can exercise these changes?

Colin