[lxc-devel] RfC: Script hooks
Michael Tokarev
mjt at tls.msk.ru
Sat Jan 9 23:07:00 UTC 2010
Michael Holzt wrote:
> I believe it would be nice it it was able to hook scripts in the process
> of container starting and stopping at some points, e.g. before starting
> or after pivot_root but before giving over to the container etc.
>
> Why? For example i would like to run a script which setups ebtables rules
> restricting the network access of the container. I think there are other
> uses for such hooks as well.
>
> Comments?
It's _definitely_ useful, and in fact most of the ad-hoc things
already implemented in lxc utils can be easily done in hooks
instead of the utilities directly. Even the network setup as
currently done is quite limited. But people says it's slow --
starting 10000 containers with hooks in use takes about 0.01s
longer than without hooks....
(Additional) network setup, namespace preparation, variable
expansion (mount paths for example), and alot of other things -
that's many different possibilities. For now all that stuff
gets implemented directly in lxc utilities, using poor substitute
of tools available thanks to shell and other Unix utilities.
/mjt
More information about the lxc-devel
mailing list