authorLennart Poettering <lennart@poettering.net>2016-04-22 11:47:35 +0200
committerLennart Poettering <lennart@poettering.net>2016-04-25 12:16:02 +0200
commit19aac838fc3b7bcaed272f19a0bec3962eef7418 (patch)
tree8f3ec2f253dc9c8acc494bc64f896447d0f9d364
parent0e7ac7515f2fe0782f4062bb223904e2748b535d (diff)
nspawn: add -U as shortcut for --private-users=pick
Given that user namespacing is pretty useful now, let's add a shortcut command line switch for the logic.
-rw-r--r--src/nspawn/nspawn.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index c330456ff9..3e32f59f75 100644
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -212,9 +212,10 @@ static void help(void) {
" --uuid=UUID Set a specific machine UUID for the container\n"
" -S --slice=SLICE Place the container in the specified slice\n"
" --property=NAME=VALUE Set scope unit property\n"
+ " -U --private-users=pick Run within user namespace, pick UID/GID range automatically\n"
" --private-users[=UIDBASE[:NUIDS]]\n"
- " Run within user namespace\n"
- " --private-user-chown Adjust OS tree file ownership for private user range\n"
+ " Run within user namespace, user configured UID/GID range\n"
+ " --private-user-chown Adjust OS tree file ownership for private UID/GID range\n"
" --private-network Disable network in container\n"
" --network-interface=INTERFACE\n"
" Assign an existing network interface to the\n"
@@ -425,7 +426,7 @@ static int parse_argv(int argc, char *argv[]) {
assert(argc >= 0);
assert(argv);
- while ((c = getopt_long(argc, argv, "+hD:u:abL:M:jS:Z:qi:xp:n", options, NULL)) >= 0)
+ while ((c = getopt_long(argc, argv, "+hD:u:abL:M:jS:Z:qi:xp:nU", options, NULL)) >= 0)
switch (c) {
@@ -860,6 +861,14 @@ static int parse_argv(int argc, char *argv[]) {
arg_userns_chown = true;
break;
+ case 'U':
+ arg_userns = true;
+ arg_userns_chown = true;
+ arg_uid_shift = UID_INVALID;
+ arg_uid_range = 0x10000U;
+ arg_uid_shift_pick = true;
+ break;
+
case ARG_KILL_SIGNAL:
arg_kill_signal = signal_from_string_try_harder(optarg);
if (arg_kill_signal < 0) {
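Review bot: The `case 'U':` branch also sets `arg_userns_chown = true`, so `-U` does more than the help line added in the first hunk and the commit title say: besides picking a UID/GID range, it turns on the ownership adjustment of the OS tree that `--private-user-chown` describes. Whether `--private-users=pick` on its own enables that as well is not visible in this hunk; if it does not, the help entry should say so, for example `Run within user namespace, pick UID/GID range automatically, adjust OS tree ownership`, because rewriting file ownership on disk is a side effect an administrator needs to see before using the switch. The literal `0x10000U` would also read better with a short comment such as `/* 64K UIDs/GIDs */`. parse_argv's switch starts and ends outside the hunk.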