[lxc-devel] [critical] "Default" configuration may destroy host system
Daniel Lezcano
daniel.lezcano at free.fr
Wed Nov 25 21:39:33 UTC 2009
Andrian Nord wrote:
> On Wed, Nov 25, 2009 at 12:02:06AM +0100, Daniel Lezcano wrote:
>
>> I won't consider the config.include as it could be managed from outside
>> of lxc.
>>
>
> \Offtop{in defense of furry hamsters}
>
> Eh, of course, via piping, but it's a nice feature to have - it's really
> annoying to construct something like
>
> # cat /etc/lxc/lxc.common.conf /etc/lxc/template/config | \
>     lxc-start -f /proc/self/fd/0 -l DEBUG -o log --name template
>
> every time I need to debug something, or if I want to launch a container
> without messing with rc-system or wrapper scripts ;)
>
> Actually this is the most used feature in my configuration, and I wrote
> the first implementation of this a few hours after I began migration from
> the old openvz-powered server to the new lxc-powered one.
>
> So, if variables in their current state are just a platform for some further
> uses, and capabilities is a paranoia-driven feature, config.include, imho,
> is the most usable and reliable of all these three patches. Also, you may
> consider, that variables could also be implemented outside lxc via
>
> # name=template;
> # echo -e "$(cat /path/to/{many,configs})" \
>     "lxc.rootfs=/lxc/root/${name}" | sed \
>     -e "s/\${lxc.name}/${name}/g" \
>     -e 's:${var.lxcpath}:/etc/lxc:g' \
>     -e "s:\${lxc.rootfs}:/lxc/root/${name}:g" | \
>     lxc-start --name "${name}" \
>     -f /proc/self/fd/0 -d
>
> (merging of multiple fstab files is also possible by using mkfifo and
> cat'ing all found fstabs into this pipe-file, while using lxc.mount =
> /path/to/mkfifo/pipe/file)
>
> And this will work stably and reliably enough. But this is something ugly,
> isn't it?
>
For what you are planning to do, yes it is ugly. But it is nice to have
such an ability.

When I say it's manageable from outside of lxc, I mean you may be able
to add more configuration values to the command line.

Now that we have the configuration parsing out of lxc_start, we should
be able to specify different configuration files, something like:

    lxc-start -n foo -f /etc/lxc/common -f /etc/lxc/foo

no?
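
The "outside of lxc" merge discussed in this thread, written as an added example that is not part of the original message or of lxc itself. The helper name `merge_lxc_config` is hypothetical; the `${lxc.name}` placeholder and the `/lxc/root` prefix are taken from the quoted pipeline, and the name check is an assumption about which container names are acceptable.

```shell
#!/bin/sh
# Added example: merge lxc config fragments and expand ${lxc.name} outside lxc.
# merge_lxc_config is a hypothetical helper, not an lxc tool.
# Usage, following the thread:
#   merge_lxc_config foo /etc/lxc/common /etc/lxc/foo | \
#       lxc-start -n foo -f /proc/self/fd/0

merge_lxc_config() {
    name=$1
    shift
    # The name ends up in a sed replacement and in the rootfs path, so
    # reject anything that could change the expression ('/', '&', '\'),
    # leave /lxc/root ('..'), or be read as an option (leading '-').
    case $name in
        ''|.|..|-*|*[!A-Za-z0-9_.-]*)
            echo "invalid container name: $name" >&2
            return 2 ;;
    esac
    # Fail before emitting anything if a fragment is missing, so a
    # half-merged config is never handed to lxc-start.
    for f in "$@"; do
        [ -r "$f" ] || { echo "cannot read: $f" >&2; return 1; }
    done
    {
        for f in "$@"; do
            # awk ends every line with a newline, so a fragment without a
            # final newline cannot fuse with the next fragment's first line.
            awk '{ print }' "$f"
        done
        printf 'lxc.rootfs=/lxc/root/%s\n' "$name"
    } | sed -e "s/\${lxc\.name}/${name}/g"
}
```
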