[lxc-devel] [critical] "Default" configuration may destroy host system

[Andrian Nord]

On Wed, Nov 25, 2009 at 12:02:06AM +0100, Daniel Lezcano wrote:
> I won't consider the config.include as it could be managed from outside 
> of lxc.

\Offtop{in defense of furry hamsters}

Eh, of course, via piping, but it's nice feature to have - it's really
annoying to construct something like

# cat /etc/lxc/lxc.common.conf /etc/lxc/template/config | \
	lxc-start -f /proc/self/fd/0 -l DEBUG -o log --name template

every time I need to debug something, or if I want to launch container
without messing with rc-system or wrapper scripts ;)

Actually this is most used feature into my configuration, and I've wrote
first implementation of this a few hours after I begin migration from
old openvz-powered server to then new lxc-powered one.

So, if variables in current state is just a platform for some further
uses, capabilities is an paranoia-driven feature, config.include, imho,
is most usable and reliable of all this three patches. Also, you may
consider, that variables could also be implemented outside lxc via

# name=template;
# echo -e "$(cat /path/to/{many,configs})" \
		"lxc.rootfs=/lxc/root/${name}" | sed \
			-e "s/\${lxc.name}/${name}/g" \
			-e 's:${var.lxcpath}:/etc/lxc:g' \
			-e "s:${lxc.rootfs}:/lxc/root/${name}" | \
				lxc-start --name "${name}" \
					-f /proc/self/fd/0 -d

(merging of multiply fstab files is also possible via using mkfifo and
cat'ing all found fstabs into this pipe-file, while using lxc.mount =
/path/to/mkfifo/pipe/file)

And this will work stable and reliable enough. But this is something ugly,
isn't it?

> Sorry for taking so much time for reviewing, usually I respond before, 
> but I am quite busy right now on some work, so I focus on smaller 
> patches like the fixes and small changes.

There is no need to haste, really, I was just curious, if you hadn't
forgot about them ;). Thanks for clarification

P.S. Sorry for tons of primitive grammar errors in my previous post.