> > + my $features = PVE::LXC::Config->parse_features($conf->{features});
> > +
> > + $raw .= make_seccomp_config($conf, $unprivileged || $custom_idmap,
> > + $features);
> > +
> > + $raw .= make_apparmor_config($conf, $unprivileged || $custom_idmap,
> > + $features);
>
> what is the combination of '$unprivileged || $custom_idmap'`?
> In the methods called this parameter is called just '$unprivileged',
> so it's a bit confusing that it gets that also on true if an
> user/group ID mapping is used.
>
> maybe pull that out (with your addition this || construct is used in three
> places)
> call it something alike $usernamespaced or $use_userns?
Right, will do. In most of these cases we don't need the precise
mapping, so they're equivalent. $unprivileged is just our config key
while $custom_idmap is when someone adds `lxc.idmap` entries manually.
_______________________________________________
pve-devel mailing list
pve-devel@pve.proxmox.com
https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
