Re: [lxc-devel] [PATCH] Unshare user namespace as well

Daniel Lezcano Thu, 08 Apr 2010 02:12:13 -0700

Mikhail Gusarov wrote:
> Unshare user namespace to make sure setrlimit and other per-user limits are
> accounted properly in containers
> 
> Signed-off-by: Mikhail Gusarov <dotted...@dottedmag.net>
> ---
>  src/lxc/start.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 3b5023c..f1ae2fa 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -450,7 +450,7 @@ int lxc_spawn(const char *name, struct lxc_handler 
> *handler, char *const argv[])
>               return -1;
>       }
> 
> -     clone_flags = CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS;
> +     clone_flags = 
> CLONE_NEWUTS|CLONE_NEWPID|CLONE_NEWIPC|CLONE_NEWNS|CLONE_NEWUSER;
>       if (!lxc_list_empty(&handler->conf->network)) {
> 
>               clone_flags |= CLONE_NEWNET;


Thanks Mikhail for the patch. I will apply it.

------------------------------------------------------------------------------
Download Intel&#174; Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Re: [lxc-devel] [PATCH] Unshare user namespace as well

Reply via email to