LXC: Introduce New XML element for user namespace

This patch introduces new element <idmap> for
user namespace. for example
<idmap>
    <uid start='0' target='1000' count='10'/>
    <gid start='0' target='1000' count='10'/>
</idmap>

this new element is used for setting proc files
/proc/<pid>/{uid_map,gid_map}.

This patch also supports multiple uid/gid elements
setting in XML configuration.

We don't support the semi configuation, user has to
configure uid and gid both.

Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>

docs/formatdomain.html.in

@@ -285,6 +285,29 @@
     </pre>
 
 
+    <p>
+      If you want to enable user namespace,set the <code>idmap</code> element.
+      the <code>uid</code> and <code>gid</code> elements have three attributes:
+    </p>
+
+    <dl>
+      <dt><code>start</code></dt>
+      <dd>First user id in container.</dd>
+      <dt><code>target</code></dt>
+      <dd>The first user id in container will be mapped to this target user
+          id in host.</dd>
+      <dt><code>count</code></dt>
+      <dd>How many users in container being allowed to map to host's user.</dd>
+    </dl>
+
+    <pre>
+  &lt;idmap&gt;
+    &lt;uid start='0' target='1000' count='10'/&gt;
+    &lt;gid start='0' target='1000' count='10'/&gt;
+  &lt;/idmap&gt;
+    </pre>
+
+
     <h3><a name="elementsSysinfo">SMBIOS System Information</a></h3>
 
     <p>

docs/schemas/domaincommon.rng

@@ -55,6 +55,9 @@
         <optional>
           <ref name="pm"/>
         </optional>
+        <optional>
+          <ref name="idmap"/>
+        </optional>
         <optional>
           <ref name="devices"/>
         </optional>
@@ -463,6 +466,34 @@
       </optional>
     </interleave>
   </define>
+  <define name="idmap">
+    <zeroOrMore>
+      <element name="uid">
+        <attribute name="start">
+          <ref name="unsignedInt"/>
+        </attribute>
+        <attribute name="target">
+          <ref name="unsignedInt"/>
+        </attribute>
+        <attribute name="count">
+          <ref name="unsignedInt"/>
+        </attribute>
+      </element>
+    </zeroOrMore>
+    <zeroOrMore>
+      <element name="gid">
+        <attribute name="start">
+          <ref name="unsignedInt"/>
+        </attribute>
+        <attribute name="target">
+          <ref name="unsignedInt"/>
+        </attribute>
+        <attribute name="count">
+          <ref name="unsignedInt"/>
+        </attribute>
+      </element>
+    </zeroOrMore>
+  </define>
   <!--
       Resources usage defines the amount of memory (maximum and possibly
       current usage) and number of virtual CPUs used by that domain.