[lxc-devel] RfC: Script hooks
Daniel Lezcano
dlezcano at fr.ibm.com
Sun Jan 10 03:48:48 UTC 2010
Michael Holzt wrote:
> I believe it would be nice it it was able to hook scripts in the process
> of container starting and stopping at some points, e.g. before starting
> or after pivot_root but before giving over to the container etc.
>
> Why? For example i would like to run a script which setups ebtables rules
> restricting the network access of the container. I think there are other
> uses for such hooks as well.
>
> Comments?
I added the hooks some month ago but removed them. The hooks can be very
useful in some cases but each time someone will need a hook somewhere:
before the clone or after the clone at the host context, before the exec
but after executing the hook in the parent process, after the
configuration, etc ... And the code becomes quickly a mess with
synchronisation point everywhere.
I understand the need of scripting for the configuration.
Wouldn't be interesting to add the lxc.script keyword in order to
execute a specific script when found in the configuration file ? You
will be able to specify several lines of lxc.script so you can insert
your script at the different point in the configuration. For example,
you can setup the network and right after insert your script.
lxc.network.type = veth
lxc.network.link = br0
lxc.script = <ebtables_script>
lxc.rootfs = /mnt/ve1
lxc.script = script_in_the_rootfs
More information about the lxc-devel
mailing list