[pve-devel] [RFC container 2/3] add feature flags using apparmor profile generation
Wolfgang Bumiller
w.bumiller at proxmox.com
Wed Sep 19 15:15:06 CEST 2018
> > + my $features = PVE::LXC::Config->parse_features($conf->{features});
> > +
> > + $raw .= make_seccomp_config($conf, $unprivileged || $custom_idmap,
> > + $features);
> > +
> > + $raw .= make_apparmor_config($conf, $unprivileged || $custom_idmap,
> > + $features);
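Review bot: the first added line passes `$conf->{features}` straight to `parse_features`, and nothing in the visible lines shows what happens when the container config has no `features` key. If `parse_features` can return undef in that case, both `make_seccomp_config` and `make_apparmor_config` receive an undefined `$features`. It is worth confirming that it returns an empty hash for a missing value, or defaulting at this call site. Since the same `$unprivileged || $custom_idmap` expression feeds both the seccomp and the AppArmor generation, computing it once into a named variable before these calls would also keep the two security profiles from drifting apart if one call is edited later.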
>
> what is the combination of '$unprivileged || $custom_idmap'?
> In the methods called this parameter is called just '$unprivileged',
> so it's a bit confusing that it also gets set to true if a
> user/group ID mapping is used.
>
> maybe pull that out (with your addition this || construct is used in three places)
> call it something like $usernamespaced or $use_userns?
Right, will do. In most of these cases we don't need the precise
mapping, so they're equivalent. $unprivileged is just our config key
while $custom_idmap is when someone adds `lxc.idmap` entries manually.