Make vTPM work with user namespaces

stefanberger · stefanberger · commit 031f34a1351f · 2017-07-19T16:48:18.000-04:00
The setup call for Usernamespaces must come before creating the
VTPM devices, otherwise we get odd error messages that the uid
mappings are not available.

Signed-off-by: Stefan Berger &lt;stefanb@linux.vnet.ibm.com&gt;
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
@@ -212,10 +212,10 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 	if err := createDevices(spec, config); err != nil {
 		return nil, err
 	}
-	if err := createVTPMs(spec, config); err != nil {
+	if err := setupUserNamespace(spec, config); err != nil {
 		return nil, err
 	}
-	if err := setupUserNamespace(spec, config); err != nil {
+	if err := createVTPMs(spec, config); err != nil {
 		return nil, err
 	}
 	c, err := createCgroupConfig(opts)

Original file line number	Diff line number	Diff line change
`@@ -212,10 +212,10 @@ func CreateLibcontainerConfig(opts CreateOpts) (configs.Config, error) {`
`212`	`212`	`if err := createDevices(spec, config); err != nil {`
`213`	`213`	`return nil, err`
`214`	`214`	`}`
`215`		`- if err := createVTPMs(spec, config); err != nil {`
	`215`	`+ if err := setupUserNamespace(spec, config); err != nil {`
`216`	`216`	`return nil, err`
`217`	`217`	`}`
`218`		`- if err := setupUserNamespace(spec, config); err != nil {`
	`218`	`+ if err := createVTPMs(spec, config); err != nil {`
`219`	`219`	`return nil, err`
`220`	`220`	`}`
`221`	`221`	`c, err := createCgroupConfig(opts)`