As discussed earlier on this list with Serge, here is my first set of patches that fixes lxc_attach to user namespaces.
The first patch is bascially Serge's patch v2 with the following changes: - use socketpair() instead of pipes because we need two-way communication; before we exec() we need to make sure that the process was added to cgroups, otherwise this can be racy (for example, we execute something that fork()s immediately, then that may happen before we return from attaching the child to groups - this is now fixed) - some minor cleanups - a large explanatory comment in the source code about the general logic - use lxc_cgroup_attach directly, don't use prepare/finish/dispose (We don't need them any more if we double-fork()!) The second patch just gets rid of the unnecessary prepare/finish/dispose functions for cgroup attaching that were introduced to avoid a triple-fork in the first place. A few more patches will follow shortly, especially w.r.t. to UID and shell handling. -- Christian PS: As a side note: I currently get some weird error messages when the attached process ends: /bin/sh: 0: Cannot set tty process group (No such process) Apprently, upon exit, the shell of the container tries to reset the controlling terminal to have the process group of its parent process be the foreground process group. That fails, (because parent pid appears to be 0 from the inside), so it prints this message. Strangely enough, I got this message only recently, is this a new feature of the shell current Ubuntu versions use? I don't see an easy way to suppress the message btw., so I'm open to suggestions. ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
