start: rework ns sharing + add userns sharing · fa3a5b22 · Christian Brauner authored
- Implement inheriting user namespaces.
- When inheriting user namespaces make sure to not try and map ids again. The kernel will not allow you to do this.
- Change clone() logic:
  1. If we inherit no namespaces simply call lxc_clone().
  2. If we inherit any namespaces call lxc_fork_attach_clone(). Here's why:
     - Causes one syscall (fork()) instead of two syscalls (setns() to inherited namespace and setns() back to parent namespace) to be performed.
     - Allows us to get rid of a bunch of variables and helper functions/code.
     - Sharing a user namespace requires us to setns() to the inherited user namespace but the kernel does not allow reattaching to a parent user namespace. So the old logic made user namespace inheritance impossible. By using the lxc_fork_attach_clone() model we can simply setns() to the inherited user namespace in the fork()ed child and be done with it.

     The only thing we need to do is to specify CLONE_PARENT when calling clone() in lxc_fork_attach_clone() so that we can wait on the child.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

| Name |
|---|
| include |
| lua-lxc |
| lxc |
| python-lxc |
| tests |
| Makefile.am |