lxc_setup_for_attach changes the context of the current running process in
such a way that it matches that of the container it is supposed to attach to
(personality, capabilities).
---
src/lxc/conf.c | 16
src/lxc/conf.h |2 ++
2 files changed, 18 insertions(+), 0 deletions(
lxc-attach is reworked so that it adds the newly attached process to the
cgroup of the container, changes the personality of the process to that
of the container and drops capabilities to those specified in the container
configuration file. The latter can be overridden with a new option that
allows
This commit adds the lxc_cgroup_attach function that adds a pid to the tasks
file of a specific cgroup in all subsystems. This is required for lxc-attach
to be able to put newly started processes in the same cgroup as the
container.
---
src/lxc/cgroup.c | 47 +
---
src/lxc/cgroup.h | 10 +-
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/lxc/cgroup.h b/src/lxc/cgroup.h
index 188d948..31dd2de 100644
--- a/src/lxc/cgroup.h
+++ b/src/lxc/cgroup.h
@@ -26,9 +26,9 @@
#define MAXPRIOLEN 24
struct lxc_handler;
-int lxc_cgroup_cre
Hi,
As I didn't hear anything on this issue, I looked at it more closely and
found found that not only are capabilities currently not dropped from
withing lxc, but also the personality is not set correctly and the newly
started process is not put in the correct cgroup (circumventing e.g. device
re
On 03.02.2012 16:54, Christian Seiler wrote:
> ---
> src/lxc/cgroup.h | 10 +-
> 1 files changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/src/lxc/cgroup.h b/src/lxc/cgroup.h
> index 188d948..31dd2de 100644
> --- a/src/lxc/cgroup.h
> +++ b/src/lxc/cgroup.h
> @@ -26,9 +26,9 @@
>
Hi,
> Note that "extern" keyword on function declarations has no
> effect whatsoever.
Yes, but I personally think it's good practice to always put it there,
since it doesn't cause any harm either, because otherwise one may
forget the keyword with variables, where it really matters. Also, lxc
uses
