[lxc-devel] Any way of inserting some process into specified namespace

Andrian Nord nightnord at gmail.com
Fri Nov 6 18:23:07 UTC 2009


On Fri, Nov 06, 2009 at 02:52:58PM +0100, Daniel Lezcano wrote:
> No, there is no way to insert a process in a new namespace without a 
> daemon running inside the container.
> There is a prototype with a daemon, done by Dietmar, working very well, 
> in the git branch 'forker';
> it is not up-to-date with the master.
> 
> http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=shortlog;h=refs/heads/forker

Am I correct that this daemon is acting as a custom init, keeping a
communication channel with lxc-start, forking, instead of exec'ing, the real
init, and that it could be used for forking arbitrary commands inside the container
namespace? If yes, I was thinking about something like that while reading the thread about
cloneat/sys_clone3, and I like that idea very much, because it may have many
benefits over just the ability to run commands inside containers.

And, most probably, there is no big problem in the fact that the actual init will
run with a pid different from 1.

I'll try to reimplement this with the master branch some time later (before that,
I should post here two already existing patches that require some
additional rework before posting =))

Anyway, thanks for the idea, it looks like just something that
I'm capable of implementing.

> 
> But unfortunately it is not compatible with the application containers.
> Maybe there is a solution but I had no time to investigate.

Why? As far as I could see, you are using lxc-init as the primary process
for application containers, so why couldn't it be replaced by the custom init
from above, forking the exact application instead of /sbin/init?

> There was a discussion around a cloneat syscall, making it possible to fork 
> a process and re-parent it to the specified process.
> 
> https://lists.linux-foundation.org/pipermail/containers/2009-October/021476.html
> 
> Maybe you can react to this email?

"React"? I'm not absolutely sure what you mean by that =)

I'm not familiar with kernel programming, so I can't say anything
useful about this idea. But from my point of view, for the task of exec'ing programs
inside a container, a custom init is something much simpler; still,
of course, it could hardly be used for checkpointing/restarting.



