Make vTPM work with user namespaces

stefanberger · stefanberger · commit a1ef4ebd1e06 · 2017-09-09T02:15:29.000+02:00
The setup call for Usernamespaces must come before creating the
VTPM devices, otherwise we get odd error messages that the uid
mappings are not available.

Signed-off-by: Stefan Berger &lt;stefanb@linux.vnet.ibm.com&gt;
diff --git a/libcontainer/specconv/spec_linux.go b/libcontainer/specconv/spec_linux.go
@@ -191,10 +191,10 @@ func CreateLibcontainerConfig(opts *CreateOpts) (*configs.Config, error) {
 	if err := createDevices(spec, config); err != nil {
 		return nil, err
 	}
-	if err := createVTPMs(spec, config); err != nil {
+	if err := setupUserNamespace(spec, config); err != nil {
 		return nil, err
 	}
-	if err := setupUserNamespace(spec, config); err != nil {
+	if err := createVTPMs(spec, config); err != nil {
 		return nil, err
 	}
 	c, err := createCgroupConfig(opts)

Original file line number	Diff line number	Diff line change
`@@ -191,10 +191,10 @@ func CreateLibcontainerConfig(opts CreateOpts) (configs.Config, error) {`
`191`	`191`	`if err := createDevices(spec, config); err != nil {`
`192`	`192`	`return nil, err`
`193`	`193`	`}`
`194`		`- if err := createVTPMs(spec, config); err != nil {`
	`194`	`+ if err := setupUserNamespace(spec, config); err != nil {`
`195`	`195`	`return nil, err`
`196`	`196`	`}`
`197`		`- if err := setupUserNamespace(spec, config); err != nil {`
	`197`	`+ if err := createVTPMs(spec, config); err != nil {`
`198`	`198`	`return nil, err`
`199`	`199`	`}`
`200`	`200`	`c, err := createCgroupConfig(opts)`