From mboxrd@z Thu Jan 1 00:00:00 1970 From: Aristeu Rozanski Subject: Re: Getting userns enabled in vendor kernels Date: Thu, 14 Nov 2013 12:44:02 -0500 Message-ID: <20131114174401.GF12097@redhat.com> References: <20131113151330.GZ32643@redhat.com> <1384444373.2005.8.camel@dabdike.int.hansenpartnership.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <1384444373.2005.8.camel-sFMDBYUN5F8GjUHQrlYNx2Wm91YjaHnnhRte9Li2A+AAvxtiuMwx3w@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: James Bottomley Cc: Containers , Serge Hallyn , "Eric W. Biederman" List-Id: containers.vger.kernel.org (Replying also to Serge, same argument) On Thu, Nov 14, 2013 at 07:52:53AM -0800, James Bottomley wrote: > The thing that worries me is that turning this off means no-one will > work on the bugs and one day distros will start to use USER_NS for > things other than containers. When that happens, container roots will > need to use it to bring up distro IaaS instances. True, but the status we have now is that USER_NS is disabled completely in Fedora. This approach will split the process in two: enable part of it, let it soak, solve problems, enable user created namespaces later. -- Aristeu