User namespace development
The user namespace is crucial to bringing lxc container functionality up to par with openvz and vserver. Its development plan is posted at https:/
The natty cycle saw good upstream progress, with the acceptance of targeted capabilities.
Next, we need to complete the targeted capabilities implementation by converting all capability checks and uid comparisons to be namespace-aware. Time permitting, we would then proceed to handle more flexible vfs uid mapping.
Blueprint information
- Status:
- Complete
- Approver:
- Robbie Williamson
- Priority:
- High
- Drafter:
- Serge Hallyn
- Direction:
- Approved
- Assignee:
- Ubuntu Server
- Definition:
- Approved
- Series goal:
- Accepted for oneiric
- Implementation:
-
Implemented
- Milestone target:
-
ubuntu-11.10-beta-1
- Started by
- Dave Walker
- Completed by
- Dave Walker
Whiteboard
Status: Not yet started
Complexity:
Work items for oneiric-alpha-2:
[serge-hallyn] Write list of desired testcases: DONE
[serge-hallyn] Create list of to-be-converted capable calls: DONE
[serge-hallyn] Create list of candidate to-be-converted uid comparisons: DONE
Work items for oneiric-alpha-3:
[serge-hallyn] Convert appropriate capable calls list: DONE
[serge-hallyn] publish capable calls conversion to lkml: DONE
[serge-hallyn] Implement testcases: DONE
[serge-hallyn] Send updated capable conversion patchset: DONE
Work items for oneiric-beta-1:
[serge-hallyn] Convert kernel/signal.c uid comparisons: DONE
[serge-hallyn] publish kernel/signal.c to lkml: DONE
[serge-hallyn] Support simple superblock user-ns tagging: DONE
Work items for oneiric-beta-2:
[serge-hallyn] Get review on simple superblock user-ns tagging: POSTPONED
[serge-hallyn] Simple perf evaluation (kernel compile with unpatched, CONFIG_USER_NS=n and =y): DONE
Work Items
Dependency tree
* Blueprints in grey have been implemented.
