Quoting Dwight Engen (dwight.en...@oracle.com):
> The id ordering and case of u,g is also consistent with uidmapshift,
> reducing confusion.
> 
> doc: Moved example to the EXAMPLES section, and used values
> corresponding to the defaults in the pending shadow-utils subuid patch.
> 
> Signed-off-by: Dwight Engen <dwight.en...@oracle.com>

Acked-by: Serge Hallyn <serge.hal...@ubuntu.com>

I will also need to update the container-userns-convert script in
the nsexec package :)

> ---
>  doc/lxc.conf.sgml.in | 30 ++++++++++++++++--------------
>  src/lxc/conf.c       |  4 ++--
>  src/lxc/confile.c    |  8 ++++----
>  3 files changed, 22 insertions(+), 20 deletions(-)
> 
> diff --git a/doc/lxc.conf.sgml.in b/doc/lxc.conf.sgml.in
> index ae91221..60e7baa 100644
> --- a/doc/lxc.conf.sgml.in
> +++ b/doc/lxc.conf.sgml.in
> @@ -709,21 +709,12 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, 
> MA 02111-1307 USA
>         <listitem>
>           <para>
>             Four values must be provided.  First a character, either
> -           'U', or 'G', to specify whether user or group ids are
> -           being mapped.  Next is the first userid as seen on the
> -           host.  Next is the userid to be mapped in the container.
> -           Finally, a range indicating the number of consecutive
> -           ids to map.  For instance
> +           'u', or 'g', to specify whether user or group ids are
> +           being mapped.  Next is the first userid as seen in the
> +           user namespace of the container.  Next is the userid as
> +           seen on the host.  Finally, a range indicating the number
> +           of consecutive ids to map.
>            </para>
> -<programlisting>
> -     lxc.id_map = U 200000 0 20000
> -     lxc.id_map = G 200000 0 20000
> -</programlisting>
> -         <para>
> -           will map both user and group ids in the
> -           range 0-19999 in the container to the ids
> -           200000-219999 on the host.
> -         </para>
>         </listitem>
>       </varlistentry>
>        </variablelist>
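
Review bot: the rewritten paragraph swaps the second and third fields relative to the removed text without saying so, and both fields are plain integers. A line carried over from the old format with only the letter lowercased (the removed `U 200000 0 20000` rewritten as `u 200000 0 20000`) still parses, and under the new order it would map container id 200000 onto host id 0. Suggest adding a sentence here that the container id comes first and the host id second, and that the earlier uppercase, host-first form is no longer accepted. The text also says "userid" for both fields even when the type is 'g'; "id" would cover both cases.
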
> @@ -953,6 +944,17 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
> 02111-1307 USA
>      </refsect2>
>  
>      <refsect2>
> +      <title>UID/GID mapping</title>
> +      <para>This configuration will map both user and group ids in the
> +        range 0-9999 in the container to the ids 100000-109999 on the host.
> +      </para>
> +      <programlisting>
> +     lxc.id_map = u 0 100000 10000
> +     lxc.id_map = g 0 100000 10000
> +      </programlisting>
> +    </refsect2>
> +
> +    <refsect2>
>        <title>Control group</title>
>        <para>This configuration will setup several control groups for
>        the application, cpuset.cpus restricts usage of the defined cpu,
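
Review bot: the new example gives 100000 and 10000 with no indication of where they come from. The commit message says they correspond to the defaults in the pending shadow-utils subuid patch, and a half sentence in the added <para> saying so would tell readers why these values were chosen. Since the field order has just changed, it would also help to name the four fields once next to the <programlisting>.
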
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 97b4ae4..e2abc72 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -2447,7 +2447,7 @@ int lxc_assign_network(struct lxc_list *network, pid_t 
> pid)
>       return 0;
>  }
>  
> -int add_id_mapping(enum idtype idtype, pid_t pid, uid_t host_start, uid_t 
> ns_start, int range)
> +static int add_id_mapping(enum idtype idtype, pid_t pid, uid_t ns_start, 
> uid_t host_start, int range)
>  {
>       char path[PATH_MAX];
>       int ret, closeret;
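
Review bot: in the new add_id_mapping() signature the two swapped parameters, ns_start and host_start, are both uid_t, so any caller that still passes the host id first compiles without a warning and writes an inverted map. The only caller visible in this patch is lxc_map_ids(), which is updated, but since the function also becomes static here, please confirm that no prototype is left in a header and that no other file calls it. Passing the map element itself (the caller already holds map->idtype, map->nsid, map->hostid and map->range) would remove the ordering risk altogether.
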
> @@ -2480,7 +2480,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid)
>  
>       lxc_list_for_each(iterator, idmap) {
>               map = iterator->elem;
> -             ret = add_id_mapping(map->idtype, pid, map->hostid, map->nsid, 
> map->range);
> +             ret = add_id_mapping(map->idtype, pid, map->nsid, map->hostid, 
> map->range);
>               if (ret)
>                       break;
>       }
> diff --git a/src/lxc/confile.c b/src/lxc/confile.c
> index d350f01..59cedef 100644
> --- a/src/lxc/confile.c
> +++ b/src/lxc/confile.c
> @@ -1049,13 +1049,13 @@ static int config_idmap(const char *key, const char 
> *value, struct lxc_conf *lxc
>  
>       lxc_list_add_tail(&lxc_conf->id_map, idmaplist);
>  
> -     ret = sscanf(value, "%c %d %d %d", &type, &hostid, &nsid, &range);
> +     ret = sscanf(value, "%c %d %d %d", &type, &nsid, &hostid, &range);
>       if (ret != 4)
>               goto out;
> -     INFO("read uid map: type %c hostid %d nsid %d range %d", type, hostid, 
> nsid, range);
> -     if (type == 'U')
> +     INFO("read uid map: type %c nsid %d hostid %d range %d", type, nsid, 
> hostid, range);
> +     if (type == 'u')
>               idmap->idtype = ID_TYPE_UID;
> -     else if (type == 'G')
> +     else if (type == 'g')
>               idmap->idtype = ID_TYPE_GID;
>       else
>               goto out;
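
Review bot: with the comparisons changed to 'u' and 'g', an existing config line using 'U' or 'G' now falls through to the final goto out, and nothing in the lines shown tells the user why. Failing is the right outcome, since those lines also carry the ids in the old order, but an error-level log line before that goto, naming the rejected type character and the expected "u|g nsid hostid range" form, would make the format change diagnosable. Separately, the %d conversions accept negative numbers and a zero range, and no bounds check is visible in this hunk; worth rejecting those here if it is not already done after the type check.
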
> -- 
> 1.7.12.3
> 

_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
