[lxc-devel] [PATCH] Unshare user namespace as well

Mikhail Gusarov Thu, 08 Apr 2010 01:17:47 -0700

Unshare user namespace to make sure setrlimit and other per-user limits are
accounted properly in containers


Signed-off-by: Mikhail Gusarov <dotted...@dottedmag.net>
---
 src/lxc/start.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 3b5023c..f1ae2fa 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -450,7 +450,7 @@ int lxc_spawn(const char *name, struct lxc_handler 
*handler, char *const argv[])
                return -1;
        }
 
-       clone_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
+       clone_flags = 
CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS|CLONE_NEWUSER;
        if (!lxc_list_empty(&handler->conf->network)) {
 
                clone_flags |= CLONE_NEWNET;
-- 
1.7.0


------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

[lxc-devel] [PATCH] Unshare user namespace as well

Reply via email to