User namespace (update)

Registered by Serge Hallyn

This blueprint has been superseded. See the newer blueprint "User namespace development" for updated plans.

Rationale:

A large remaining feature gap in LXC is that users are not namespaced. This means:

1. A root user in a container is the root user on the system
2. Non-root users in containers are the same as the same uid in other containers and on the host.
3. Privileges granted in the container can be used toward resources on the host (if namespaces provide a mapping for a resource on the host).

With a fully implemented user namespace, users and privilege will be targeted
to resources in namespaces owned by the creator of the namespace. This will
allow the safe granting of root and privileges inside containers.
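The mapping that makes this possible is the per-namespace uid_map, whose lines read "inside-uid outside-uid count". The following is an added example, not code from the blueprint or from LXC: it parses a constructed uid_map and translates uids in both directions, showing that container uid 0 is an ordinary unprivileged uid on the host.

```python
# Added example: translate uids across a user namespace boundary using the
# "<inside> <outside> <count>" format of /proc/<pid>/uid_map.
# The kernel's default overflowuid (65534, "nobody") is what an unmapped
# host uid appears as from inside the namespace.
OVERFLOW_UID = 65534

def parse_uid_map(text):
    """Parse uid_map text into a list of (inside, outside, count) ranges."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        inside, outside, count = (int(x) for x in line.split())
        if count <= 0:
            raise ValueError("count must be positive: %r" % line)
        ranges.append((inside, outside, count))
    return ranges

def to_host_uid(ranges, inside_uid):
    """Return the host (outside) uid for a uid seen inside the namespace,
    or None if the namespace has no mapping for it."""
    for inside, outside, count in ranges:
        if inside <= inside_uid < inside + count:
            return outside + (inside_uid - inside)
    return None

def to_container_uid(ranges, host_uid):
    """Return how a host uid appears inside the namespace; unmapped host
    uids (including host root, here) show up as the overflow uid."""
    for inside, outside, count in ranges:
        if outside <= host_uid < outside + count:
            return inside + (host_uid - outside)
    return OVERFLOW_UID

def is_host_root(ranges, inside_uid):
    """True only if the inside uid really is uid 0 on the host."""
    return to_host_uid(ranges, inside_uid) == 0

# Constructed sample map: container uids 0..65535 -> host uids 100000..165535.
SAMPLE_MAP = "0 100000 65536\n"

if __name__ == "__main__":
    r = parse_uid_map(SAMPLE_MAP)
    print("container root is host uid", to_host_uid(r, 0))
    print("host root seen from inside as", to_container_uid(r, 0))
```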

A mostly complete implementation of user namespaces now exists, and has been
partially merged upstream. The remaining work is to push the rest of the
patchset, push userspace controls for the user namespace, and implement the
use of user namespaces in lxc containers.

Blueprint information

Status:
Complete
Approver:
Dave Walker
Priority:
High
Drafter:
Ubuntu Server
Direction:
Approved
Assignee:
Serge Hallyn
Definition:
Superseded
Series goal:
Accepted for quantal
Implementation:
Beta Available
Milestone target:
ubuntu-12.10-beta-2
Started by
Kate Stewart
Completed by
Serge Hallyn

Related branches

Sprints

Whiteboard

User Stories:

Izzy wants to create an Ubuntu 12.10 container with a root user, but doesn't want to risk the root user in the container exerting privilege over host resources.

Assumptions:

Upstream kernel accepts the remainder of user namespace patchset.

Release Notes:

Containers can now provide a root user which is privileged in the container,
but unprivileged on the host.


Work Items

Work items:
[ebiederm] Get first user ns patchset into linux-next: DONE
[ebiederm] Push remaining user ns patchset v45 into linux-next: DONE
[ebiederm] Push remaining user ns patches: POSTPONED
[ebiederm] Write patch for adduser to reserve uids: POSTPONED
[serge-hallyn] Write setuid utility for unprivileged users to reserve uids: DONE
[serge-hallyn] Push utility to reserve uids into adduser package: POSTPONED
[serge-hallyn] Blog when lxc is usable with userns in quantal: POSTPONED

Dependency tree
