Getting userns enabled in vendor kernels

Serge E. Hallyn serge at hallyn.com
Thu Nov 14 17:48:32 UTC 2013


Quoting Aristeu Rozanski (aris at redhat.com):
> (Replying also to Serge, same argument)
> On Thu, Nov 14, 2013 at 07:52:53AM -0800, James Bottomley wrote:
> > The thing that worries me is that turning this off means no-one will
> > work on the bugs and one day distros will start to use USER_NS for
> > things other than containers.  When that happens, container roots will
> > need to use it to bring up distro IaaS instances.
> 
> True, but the status we have now is that USER_NS is disabled completely
> in Fedora. This approach will split the process in two: enable part of
> it, let it soak, solve problems, enable user created namespaces later.

Right - so my suggestion is that we agree on a 100% identical patch for anyone
who must use such a patch to justify enabling USER_NS to use.  But that we not
push it upstream.  (Ubuntu would hopefully not use it - unless the overmount bug
does not get fixed in a timely manner.)

-serge


More information about the Containers mailing list