git.proxmox.com Git - mirror_lxc.git/commit

author	Serge Hallyn <serge.hallyn@ubuntu.com>
	Mon, 22 Jul 2013 20:23:58 +0000 (15:23 -0500)
committer	Serge Hallyn <serge.hallyn@ubuntu.com>
	Tue, 23 Jul 2013 13:09:35 +0000 (08:09 -0500)
commit	d155b47dac549a5c30c0011923274e3744109c91
tree	d9fa88c805ceb8000a6c38c7e115a90419ffbbcf	tree
parent	469b57873977afcb5d9f5adb00097c944caedd2a	commit \| diff

define lxc-usernsexec

It uses the newuidmap and newgidmap program to start a shell in
a mapped user namespace. While newuidmap and newgidmap are
setuid-root, lxc-usernsexec is not.

If new{ug}idmap are not available, then this program is not
built or installed. Otherwise, it will be used to support creating,
starting, destroying, etc containers by unprivileged users using
their authorized subuids and subgids.

Example:
usernsexec -m u:0:100000:1 -- /bin/bash

will, if the user is authorized to use subuid 100000, start a
bash shell in a user namespace where 100000 on the host is
mapped to root in the namespace, and the shell is running as
(privileged) root.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

configure.ac		diff \| blob \| blame \| history
src/lxc/Makefile.am		diff \| blob \| blame \| history
src/lxc/lxc_usernsexec.c	[new file with mode: 0644]	blob