OpenStack Compute (nova)

Libvirt-lxc User Namespace Support

Registered by Andrew Melton

User namespaces provide a way for a process running in a container to appear to
be running as root, but are in fact running as a different user on the host.
The objective of this feature is to allow deployers to enable and configure
which users and groups are mapped between container and host.

Blueprint information

Status:
Complete
Approver:
John Garbutt
Priority:
Low
Drafter:
Andrew Melton
Direction:
Approved
Assignee:
Andrew Melton
Definition:
Approved
Series goal:
Accepted for juno
Implementation:
Implemented
Milestone target:
milestone icon 2014.2
Started by
John Garbutt
Completed by
Michael Still

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/libvirt-lxc-user-namespaces,n,z

Addressed by: https://review.openstack.org/94445
    Libvirt-lxc User Namespace Support

Addressed by: https://review.openstack.org/94454
    Add user namespace support for libvirt-lxc

Addressed by: https://review.openstack.org/94911
    Add testing for hooks

Addressed by: https://review.openstack.org/94915
    Add user namespace support for libvirt-lxc

Addressed by: https://review.openstack.org/90158
    Add user namespace support for libvirt-lxc

Addressed by: https://review.openstack.org/95278
    Add idmap to libvirt config

Addressed by: https://review.openstack.org/95279
    Add functions to setup user namespaced filesystems

Addressed by: https://review.openstack.org/95280
    Tests for nova.virt.libvirt.driver._create_domain

Addressed by: https://review.openstack.org/101921
    Spec for Neutron migration feature

Addressed by: https://review.openstack.org/113545
    Adds nova-idmapshift cli utility

All patches in the gate, leaving in juno. --johnthetubaguy 2nd September 2014

Sorry, this didn't make it, it needs a FFE now. --johnthetubaguy 5th September 2014

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.