Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User namespaces support based on graph driver-driven image mapping approach #6603

Closed
wants to merge 4 commits into from
Closed

User namespaces support based on graph driver-driven image mapping approach #6603

wants to merge 4 commits into from

Conversation

dineshs-altiscale
Copy link
Contributor

No description provided.

@dineshs-altiscale dineshs-altiscale mentioned this pull request Jun 23, 2014
Closed
@dineshs-altiscale
Fixup permissions of cache directories for user namespaces
7833201 
Docker-DCO-1.1-Signed-off-by: Dinesh Subhraveti <dineshs@altiscale.com> (github: dineshs-altiscale)
@dineshs-altiscale
Utilities required for user namespaces
4ad1c28 
Docker-DCO-1.1-Signed-off-by: Dinesh Subhraveti <dineshs@altiscale.com> (github: dineshs-altiscale)
@dineshs-altiscale
Remap UIDs when pulling the image and normalize when pushing
83a3306 
Docker-DCO-1.1-Signed-off-by: Dinesh Subhraveti <dineshs@altiscale.com> (github: dineshs-altiscale)
@dineshs-altiscale
Enable UID maps by invoking the driver
183e7eb 
Docker-DCO-1.1-Signed-off-by: Dinesh Subhraveti <dineshs@altiscale.com> (github: dineshs-altiscale)
cyphar
cyphar reviewed Jun 23, 2014
View reviewed changes
utils/uidmap.go
}

// Chown any root files to docker-root
func XlateUids(root string, inverse bool) error {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why isn't this just called TranslateUids? It's more readable.

@cyphar
Copy link
Contributor

cyphar commented Jun 23, 2014

Also, the Xlate... utilities should have separate functions for forward and reverse mappings (or the mappings passed in should be reversed and there should only be one function), since there is a lot of code duplication when checking if something should be reverse translated or forward translated.

@dineshs-altiscale
Copy link
Contributor Author

No need to map unmapped UIDs -- that's why they are called unmapped! ; )

Kernel automatically returns overflowuid/gid if it sees no mapping. Eg., a file with an unmapped GID automatically appears as nobody group (or whatever overflowgid is.)

@crosbymichael
Copy link
Contributor

Thanks for these PRs. We finally have the Go PRs merged to add support into libcontainer and will be working on user namespaces soon after the Go 1.4 release is out.

We will review the filesystem operations after the execution aspect is complete.

@thaJeztah thaJeztah mentioned this pull request Apr 28, 2015
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@dineshs-altiscale @cyphar @crosbymichael