[lxc-devel] [PATCH 2/9] Add missing double-include #ifndef/#define/#endif to confile.h

2012-02-09 Thread Christian Seiler
--- src/lxc/confile.h |5 + 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/src/lxc/confile.h b/src/lxc/confile.h index 6698fb2..f415e55 100644 --- a/src/lxc/confile.h +++ b/src/lxc/confile.h @@ -21,6 +21,9 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 0211

[lxc-devel] [PATCH 6/9] Add attach.[ch]: Helper functions for lxc-attach

2012-02-09 Thread Christian Seiler
The following helper functions for lxc-attach are added to a new file attach.c: - lxc_proc_get_context_info: Get cgroup memberships, personality and capability bounding set from /proc for a given process. - lxc_proc_free_context_info: Free the data structure responsible - lxc_attach_proc_to_c

[lxc-devel] [PATCH 1/9] Add missing 'extern' keyword to functions defined in cgroup.h

2012-02-09 Thread Christian Seiler
--- src/lxc/cgroup.h | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/lxc/cgroup.h b/src/lxc/cgroup.h index 188d948..31dd2de 100644 --- a/src/lxc/cgroup.h +++ b/src/lxc/cgroup.h @@ -26,9 +26,9 @@ #define MAXPRIOLEN 24 struct lxc_handler; -int lxc_cgroup_cre

[lxc-devel] [PATCH 3/9] Enable get_cgroup_mount to search for mount points satisfying multiple subsystems at once

2012-02-09 Thread Christian Seiler
lxc-attach functionality reads /proc/init_pid/cgroup to determine the cgroup of the container for a given subsystem. However, since subsystems may be mounted together, we want to be on the safe side and be sure that we really find the correct mount point, so we allow get_cgroup_mount to check for *

[lxc-devel] [PATCH 5/9] Add lxc_config_parse_arch to parse architecture strings

2012-02-09 Thread Christian Seiler
Add the function lxc_config_parse_arch that parses an architecture string (x86, i686, x86_64, amd64) and returns the corresponding personality. This is required for lxc-attach, which accepts architectures independently of lxc.arch. The parsing of lxc.arch now also uses the same function to ensure c

[lxc-devel] [PATCH 9/9] Add man page for lxc-attach

2012-02-09 Thread Christian Seiler
--- configure.ac |1 + doc/Makefile.am|1 + doc/lxc-attach.sgml.in | 189 doc/see_also.sgml.in |5 ++ 4 files changed, 196 insertions(+), 0 deletions(-) create mode 100644 doc/lxc-attach.sgml.in diff --git a/config

[lxc-devel] [PATCH 7/9] Move lxc_attach from namespace.c to attach.c and rename it to lxc_attach_to_ns

2012-02-09 Thread Christian Seiler
Since lxc-attach helper functions now have their own source file, lxc_attach is moved from namespace.c to attach.c and is renamed to lxc_attach_to_ns, because that better reflects what the function does (attaching to a container can also contain the setting of the process's personality, adding it to t

[lxc-devel] [PATCH 8/9] lxc-attach: Drop privileges when attaching to container unless requested otherwise

2012-02-09 Thread Christian Seiler
lxc-attach will now put the process that is attached to the container into the correct cgroups corresponding to the container, set the correct personality and drop the privileges. The information is extracted from entries in /proc of the init process of the container. Note that this relies on the

[lxc-devel] [PATCH v2] lxc-attach: Consider cgroups/personality/capabilities of container

2012-02-09 Thread Christian Seiler
Hi, This is the new version of my patch that implements the features discussed in the previous thread. - The current status of the container is now read from /proc/init_pid/*, where init_pid is the pid of the container's init process. - By default: * The attached process acquires the per

[lxc-devel] [PATCH 4/9] cgroup: Make cgroup_attach a public function

2012-02-09 Thread Christian Seiler
lxc-attach needs to be able to attach a process to a specific cgroup, so cgroup_attach is renamed to lxc_cgroup_attach and now also defined in the header file. --- src/lxc/cgroup.c |4 ++-- src/lxc/cgroup.h |1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lxc/cgroup.c