linux: new mount option "idmap" #780
Merged
Commits on Nov 15, 2021
-
Signed-off-by: Giuseppe Scrivano <[email protected]>
-
Signed-off-by: Giuseppe Scrivano <[email protected]>
-
linux: generalize opening mounts earlier
generalize the mechanism of opening mount targets earlier. This will be necessary later to allow creating idmapped mounts before entering the user namespace. Signed-off-by: Giuseppe Scrivano <[email protected]>
-
linux: provide cleanup private data callback
prevent leaks on errors since it is called when the container is freed. Signed-off-by: Giuseppe Scrivano <[email protected]>
-
linux: add function to send mounts from the host
preparation patch to enable the creation of mounts before joining or creating a user namespace. This is needed for creating idmapped mounts that are usable from the container user namespace. Signed-off-by: Giuseppe Scrivano <[email protected]>
-
linux: new mount option "idmap"
when the "idmap" mount option is specified, create the mount outside of the container user namespace context and pass the mount fd to the container init process. Signed-off-by: Giuseppe Scrivano <[email protected]>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.