> > + my $features = PVE::LXC::Config->parse_features($conf->{features}); > > + > > + $raw .= make_seccomp_config($conf, $unprivileged || $custom_idmap, > > + $features); > > + > > + $raw .= make_apparmor_config($conf, $unprivileged || $custom_idmap, > > + $features); > > what is the combination of '$unprivileged || $custom_idmap'`? > In the methods called this parameter is called just '$unprivileged', > so it's a bit confusing that it gets that also on true if an > user/group ID mapping is used. > > maybe pull that out (with your addition this || construct is used in three > places) > call it something alike $usernamespaced or $use_userns?
Right, will do. In most of these cases we don't need the precise mapping, so they're equivalent. $unprivileged is just our config key while $custom_idmap is when someone adds `lxc.idmap` entries manually. _______________________________________________ pve-devel mailing list pve-devel@pve.proxmox.com https://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel