Kir, Please take a look at the following patches. They implement support for unprivileged containers using user namespaces, and should work, modulo bugs.
v2: * use conf_parse_ulong to simplify uid/gid parsing. We do need to provide a default value for creation, though. * allow "0" to be specified as uid/gid offset. It simplifies the code if conf_parse_ulong is used, and well, if anyone *really* wants to run privileged... We will apply the default value now only if the fields are unset. Glauber Costa (6): host uid and gid parameters adjust fs_create parameter user namespace support for upstream containers modify tar extraction to account for user namespace add user mismatch test allow local uid and gid to be specified at container creation include/res.h | 8 +++++ include/types.h | 1 + include/vzctl_param.h | 3 ++ man/vzctl.8.in | 14 ++++++++ scripts/vps-create.in | 19 ++++++++++ src/lib/Makefile.am | 3 ++ src/lib/chown_preload.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++ src/lib/config.c | 32 +++++++++++++++++ src/lib/create.c | 30 ++++++++++------ src/lib/env.c | 29 +++++++++++++++ src/lib/hooks_ct.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++-- src/vzctl-actions.c | 2 ++ src/vzctl.c | 1 + vzctl.spec | 2 +- 14 files changed, 316 insertions(+), 14 deletions(-) create mode 100644 src/lib/chown_preload.c -- 1.7.11.7 _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel