Hi Serge,

>> What about if we update the command interface to add an additional
>> command along the lines of LXC_COMMAND_GET_NSFLAGS or similar, which
>> returns the bitmask of CLONE_* used for starting the container? Then
>> we would have the logic:
>
> That works fine for persistent containers which were started without
> any command line changes.  But even with a persistent container with
> no network section, I could add a network section on the lxc-start
> command line with '-s' arguments, making the set of cloned namespaces
> different from what you'd expect from the config file.  So there is
> no good way I can think of, generally, to get that bitmask of CLONE_*
> flags used for starting the container.

You misunderstood me: I don't want to read the configuration file - I
want to ask the still-running lxc-start process (that listens on the
abstract socket for the container) to give me the flags it used when
it was run. Just as it may be asked to return a file descriptor for
the console or the PID of the init process. We don't have to generate
any file or store anything, we can just keep the information in a
simple variable that we return via the command interface in case
lxc-attach (or somebody else) asks.

Regards,
Christian
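
The design proposed in this message, sketched as an added example (not code from the original message or from LXC): the supervisor keeps the flags it started with in a variable and returns them on request, and the client rejects a reply carrying bits it does not recognise. The command id, the wire structs, the NS_* names and the socketpair standing in for the abstract command socket are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <sys/socket.h>
#include <unistd.h>
/* Namespace bits; same values as the CLONE_NEW* flags in <linux/sched.h>. */
enum { NS_MNT = 0x00020000, NS_UTS = 0x04000000, NS_IPC = 0x08000000,
       NS_USER = 0x10000000, NS_PID = 0x20000000, NS_NET = 0x40000000,
       NS_MASK = NS_MNT | NS_UTS | NS_IPC | NS_USER | NS_PID | NS_NET };
enum { CMD_GET_NSFLAGS = 1 };                   /* hypothetical command id */
struct cmd_req { int32_t cmd; };                /* hypothetical wire format */
struct cmd_rsp { int32_t ret; int32_t flags; };

/* Supervisor side: answer one request from the flags kept in a variable. */
static int serve_one(int fd, int started_flags)
{
    struct cmd_req req;
    struct cmd_rsp rsp = { -1, 0 };             /* default: unknown command */
    if (recv(fd, &req, sizeof req, 0) != (ssize_t)sizeof req)
        return -1;
    if (req.cmd == CMD_GET_NSFLAGS)
        rsp = (struct cmd_rsp){ 0, started_flags };
    return send(fd, &rsp, sizeof rsp, 0) == (ssize_t)sizeof rsp ? 0 : -1;
}

/* Client side: accept the reply only if it is complete, successful and
 * contains nothing but known namespace bits (assumed policy). */
static int read_nsflags(int fd, int *flags)
{
    struct cmd_rsp rsp;
    if (recv(fd, &rsp, sizeof rsp, 0) != (ssize_t)sizeof rsp || rsp.ret != 0 ||
        (rsp.flags & ~NS_MASK))
        return -1;
    *flags = rsp.flags;
    return 0;
}

/* One request/reply round trip; returns the flags learned, or -1 on failure. */
int query_over_socketpair(int started_flags, int cmd)
{
    int sv[2], flags = -1;
    struct cmd_req req = { cmd };
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)
        return -1;
    if (send(sv[0], &req, sizeof req, 0) != (ssize_t)sizeof req ||
        serve_one(sv[1], started_flags) != 0 ||
        read_nsflags(sv[0], &flags) != 0)
        flags = -1;
    close(sv[0]); close(sv[1]);
    return flags;
}

int main(void) { return query_over_socketpair(NS_MNT | NS_PID | NS_NET, CMD_GET_NSFLAGS) < 0; }
```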


_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
