In order to be able to reuse code in lxc-attach, the functions
lxc_namespace_2_cloneflag and lxc_fill_namespace_flags are moved from
lxc_unshare.c to namespace.c.
Signed-off-by: Christian Seiler
Cc: Daniel Lezcano
Cc: Serge Hallyn
---
src/lxc/lxc_unshare.c | 45 --
Hi there,
this is my third (and hopefully final :)) patch series for partial
namespaces in lxc-attach. I've made the following changes to the previous
versions:
- Split up the patches a tiny bit more, should make the changes a bit
clearer.
- I actually encountered a problem with pid namespa
Add the LXC_COMMAND_CLONE_FLAGS that retrieves the flags passed to clone(2)
when the container was started. This allows external programs to determine
which namespaces the container was unshared from.
Signed-off-by: Christian Seiler
Cc: Daniel Lezcano
Cc: Serge Hallyn
---
src/lxc/commands.c |
With the introduction of lxc-attach's functionality to attach to cgroups,
the setns() calls were put in the child process after the fork() and not the
parent process before the fork() so the parent process remained outside the
namespaces and could add the child to the correct cgroup.
Unfortunately
Use the command interface to contact lxc-start to receive the set of
flags passed to clone() when starting the container. This allows lxc-attach
to determine which namespaces were used for the container and select only
those to attach to.
Signed-off-by: Christian Seiler
Cc: Daniel Lezcano
Cc: Se
This patch allows the user to select any list of namespaces (network, pid,
mount, uts, ipc, user) that lxc-attach should use when attaching to the
container; all other namespaces will not be attached to.
This allows the user to for example attach to just the network namespace and
use the host's (a
When attaching to only some namespaces of the container but not the mount
namespace, the contents of /sys and /proc of the host system do not properly
reflect the context of the container's pid and/or network namespaces, and
possibly others.
The introduced -R option adds the possibility to additio
Quoting Christian Seiler (christ...@iwakd.de):
> Add the LXC_COMMAND_CLONE_FLAGS that retrieves the flags passed to clone(2)
> when the container was started. This allows external programs to determine
> which namespaces the container was unshared from.
>
> Signed-off-by: Christian Seiler
> Cc: D
Quoting Christian Seiler (christ...@iwakd.de):
> In order to be able to reuse code in lxc-attach, the functions
> lxc_namespace_2_cloneflag and lxc_fill_namespace_flags are moved from
> lxc_unshare.c to namespace.c.
>
> Signed-off-by: Christian Seiler
> Cc: Daniel Lezcano
> Cc: Serge Hallyn
Ac
Quoting Christian Seiler (christ...@iwakd.de):
> Use the command interface to contact lxc-start to receive the set of
> flags passed to clone() when starting the container. This allows lxc-attach
> to determine which namespaces were used for the container and select only
> those to attach to.
>
>
Quoting Christian Seiler (christ...@iwakd.de):
> This patch allows the user to select any list of namespaces (network, pid,
> mount, uts, ipc, user) that lxc-attach should use when attaching to the
> container; all other namespaces will not be attached to.
>
> This allows the user to for example a
Quoting Christian Seiler (christ...@iwakd.de):
> When attaching to only some namespaces of the container but not the mount
> namespace, the contents of /sys and /proc of the host system do not properly
> reflect the context of the container's pid and/or network namespaces, and
> possibly others.
>
Hi Serge,
> Note there is no reason to resend this patch for this,
Actually, there were some trivial changes here due to patch #2, which
reordered some code in lxc_attach.c - that's why I resent it. Now it
should be trivial to apply all of the 6 patches to the current master
branch, before you'd
Hello,
Here is a suggestion to always close all inherited fds and get rid of
the existing --close-all-fds (-C) parameter from lxc-start.
This came up during an IRC discussion with Serge on LXC's current
behavior regarding fds.
The current code prints a warning if the user uses lxc-start and
inher
This changes the default behaviour from complaining about it but not closing
the inherited fds to logging an INFO entry and closing them automatically.
That's the same as always calling lxc-start with --close-all-fds.
Signed-off-by: Stéphane Graber
Cc: Daniel Lezcano
Cc: Serge Hallyn
---
doc/
Quoting Stéphane Graber (stgra...@ubuntu.com):
> This changes the default behaviour from complaining about it but not closing
> the inherited fds to logging an INFO entry and closing them automatically.
> That's the same as always calling lxc-start with --close-all-fds.
>
> Signed-off-by: Stéphane
Commits 15da01b3938d7ba45472e6c9d3b183a94dd86ca9 and
2e44ed1e647d9fd1544b7ad855bda22ca71abd12 conflicted and resulted in
some duplicate functionality. Drop the poorer version of that block.
Signed-off-by: Serge Hallyn
---
templates/lxc-ubuntu.in | 28
1 file chang
On 05/24/2012 03:22 PM, Serge Hallyn wrote:
> Commits 15da01b3938d7ba45472e6c9d3b183a94dd86ca9 and
> 2e44ed1e647d9fd1544b7ad855bda22ca71abd12 conflicted and resulted in
> some duplicate functionality. Drop the poorer version of that block.
>
> Signed-off-by: Serge Hallyn
Looks good.
Acked-by:
One of the common feature requests I've heard about LXC, especially from
people who are used to OpenVZ, is having a variety of hooks where they
can run their own script at various points of the container lifetime.
I had a quick look at what was available on OpenVZ and worked on a list
of hooks that I