From bfc48afa14dd3e57f19fe00c68d06e3526f06ccd Mon Sep 17 00:00:00 2001
From: Daniel Veillard
Date: Mon, 20 Apr 2009 12:27:12 +0000
Subject: [PATCH] cope with kernels where CLONE_NEWUSER is not supported
* src/lxc_container.c src/lxc_container.h: cope with kernels where CLONE_NEWUSER is not supported, patch by Serge Hallyn daniel
---
 ChangeLog | 5 +++++
 src/lxc_container.c | 17 ++++++++++++++---
 src/lxc_container.h | 1 +
 3 files changed, 20 insertions(+), 3 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 2b2ca1d7ab..a388b979cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+Mon Apr 20 14:25:41 CEST 2009 Daniel Veillard
+
+ * src/lxc_container.c src/lxc_container.h: cope with kernels
+ where CLONE_NEWUSER is not supported, patch by Serge Hallyn
+
 Mon Apr 20 12:54:02 GMT 2009 Mark McLoughlin
 * docs/virsh.pod, virsh.1: fix typo reported by Robert P. J. Day
diff --git a/src/lxc_container.c b/src/lxc_container.c
index 67c66bd9b3..26cd619398 100644
--- a/src/lxc_container.c
+++ b/src/lxc_container.c
@@ -277,7 +277,7 @@ static int lxcContainerChildMountSort(const void *a, const void *b)
 #endif
 #ifndef MS_SLAVE
-#define MS_SLAVE (1<<19)
+#define MS_SLAVE (1<<19)
 #endif
 static int lxcContainerPivotRoot(virDomainFSDefPtr root)
@@ -666,6 +666,11 @@ static int lxcContainerChild( void *data )
 return lxcContainerExecInit(vmDef);
 }
+static int userns_supported(void)
+{
+ return lxcContainerAvailable(LXC_CONTAINER_FEATURE_USER) == 0;
+}
+
 /**
 * lxcContainerStart:
 * @driver: pointer to driver structure
@@ -694,7 +699,10 @@ int lxcContainerStart(virDomainDefPtr def,
 }
 stacktop = stack + stacksize;
- flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|CLONE_NEWIPC|SIGCHLD;
+ flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|SIGCHLD;
+
+ if (userns_supported())
+ flags |= CLONE_NEWUSER;
 if (def->nets != NULL)
 flags |= CLONE_NEWNET;
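Review bot: The new helper `userns_supported()` departs from the `lxcContainer*` naming used by every other function visible in this file and carries no comment about what a call costs. Judging by the `cpid`/`childStack`/`childStatus` locals in the later `lxcContainerAvailable()` hunk, the probe appears to clone a dummy child, so each call presumably creates a test process; a name such as `lxcContainerUserNSSupported` and a comment like `/* Probes the kernel via lxcContainerAvailable(); non-zero when the probe with CLONE_NEWUSER reports success. */` would make that visible. The probe also sets CLONE_NEWUSER together with the other namespace flags, so a failure caused by one of those (or by missing privilege) would be read as "no user namespace", which the comment should mention.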
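Review bot: When `userns_supported()` returns 0 in lxcContainerStart, the container is cloned without CLONE_NEWUSER and nothing in the hunk records that, so on such kernels the guest runs in the host's uid space with no trace for the operator. Because this lowers isolation rather than being a cosmetic fallback, the `if` should gain an `else` branch that reports it through the file's existing logging facility (not visible in this hunk), plus a comment such as `/* user namespace is optional: older kernels reject CLONE_NEWUSER */`. The probe also runs on every container start; if it does clone a child as the later hunk suggests, computing it once and caching the result would avoid the extra process per start. lxcContainerStart begins and ends outside the hunk.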
@@ -719,13 +727,16 @@ static int lxcContainerDummyChild(void *argv ATTRIBUTE_UNUSED)
 int lxcContainerAvailable(int features)
 {
- int flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|
+ int flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|
 CLONE_NEWIPC|SIGCHLD;
 int cpid;
 char *childStack;
 char *stack;
 int childStatus;
+ if (features & LXC_CONTAINER_FEATURE_USER)
+ flags |= CLONE_NEWUSER;
+
 if (features & LXC_CONTAINER_FEATURE_NET)
 flags |= CLONE_NEWNET;
diff --git a/src/lxc_container.h b/src/lxc_container.h
index 5d037b0602..b99e83e536 100644
--- a/src/lxc_container.h
+++ b/src/lxc_container.h
@@ -28,6 +28,7 @@
 enum {
 LXC_CONTAINER_FEATURE_NET = (1 << 0),
+ LXC_CONTAINER_FEATURE_USER = (1 << 1),
 };
 #define LXC_DEV_MAJ_MEMORY 1
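Review bot: `lxcContainerAvailable()` now probes CLONE_NEWUSER only when `LXC_CONTAINER_FEATURE_USER` is set, yet the hunk shows no doc comment telling callers that `features` is a bitmask and that a successful result no longer covers user namespaces by default. Any existing caller that treated success as "the full namespace set, CLONE_NEWUSER included, is usable" now gets a weaker answer without a signature change to flag it. A header comment would close that gap, for example `/* @features: bitmask of LXC_CONTAINER_FEATURE_*; only the requested optional namespaces are added to the probe */`. The function body continues past the hunk, so how the result is derived from the child is not visible here.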