Make vTPM work with user namespaces

stefanberger · stefanberger · commit 15ae2003ac07 · 2017-09-07T16:05:41.000+02:00
The setup call for Usernamespaces must come before creating the
VTPM devices, otherwise we get odd error messages that the uid
mappings are not available.

Signed-off-by: Stefan Berger &lt;stefanb@linux.vnet.ibm.com&gt;
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
@@ -198,10 +198,10 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 	if err := createDevices(spec, config); err != nil {
 		return nil, err
 	}
-	if err := createVTPMs(spec, config); err != nil {
+	if err := setupUserNamespace(spec, config); err != nil {
 		return nil, err
 	}
-	if err := setupUserNamespace(spec, config); err != nil {
+	if err := createVTPMs(spec, config); err != nil {
 		return nil, err
 	}
 	c, err := createCgroupConfig(opts)

Original file line number	Diff line number	Diff line change
`@@ -198,10 +198,10 @@ func CreateLibcontainerConfig(opts CreateOpts) (configs.Config, error) {`
`198`	`198`	`if err := createDevices(spec, config); err != nil {`
`199`	`199`	`return nil, err`
`200`	`200`	`}`
`201`		`- if err := createVTPMs(spec, config); err != nil {`
	`201`	`+ if err := setupUserNamespace(spec, config); err != nil {`
`202`	`202`	`return nil, err`
`203`	`203`	`}`
`204`		`- if err := setupUserNamespace(spec, config); err != nil {`
	`204`	`+ if err := createVTPMs(spec, config); err != nil {`
`205`	`205`	`return nil, err`
`206`	`206`	`}`
`207`	`207`	`c, err := createCgroupConfig(opts)`