[lxc-devel] 回复:Re: How to change to lxc internal PID to system wide PID

[Greg Kurz]

On Tue, 2011-12-13 at 09:49 +0800, yinxb at neusoft.com wrote:
> Hi Gregory Kurz
> 
>    From the google search,SCM_CREDENTIALS contains the PID of the 
> sender process,in the sender's
> PID namespace.
>    So if the lxc App acts as the sender, the PID is 2 which is also 
> invalid for the host. 
> (lxc has its own PID namesapce)
>    Correct me if wrong,thanks.
> 

Hi Xiaobiao,

What you say was true a long time ago, but the SCM_CREDENTIALS feature
is pid namespace aware since 2.6.35: a struct cred in the kernel holds a
ref to a struct pid instead of a pid_t. The appropriate numerical pid is
returned to the caller of recvmsg() according to the following path:

unix_stream_recvmsg()->scm_set_cred()->cred_to_ucred()

Unless you run an older kernel, you can safely rely on unix sockets to
perform pid translation from the container to the host.

Cheers.

> Cheers
> Xiaobiao
> ----- 原邮件 -----
> 从: Greg Kurz <gkurz at fr.ibm.com>
> 日期: 星期一, 十二月 12日, 2011 下午6:08
> 主题: Re: [lxc-devel] How to change to lxc internal PID to system wide 
> PID
> 
> > On Mon, 2011-12-12 at 11:01 +0800, yinxb at neusoft.com wrote:
> > > Hi all
> > > 
> > >   These days I encouter a problem.
> > >   When I use the lxc to running my app,the getpid() system call 
> > > returns 2.But in my platform,
> > >   I need the system wide PID instead for some purpose,such as 
> > > integrade with native app(not running in lxc).
> > >   (I want to integrade the lxc app in my platform to do 
> > isolation,and 
> > > use the dbus for IPC)
> > >   So how to solve this conflict?Can anyone give me a hint? 
> > > 
> > >   Thanks for your time.
> > > 
> > > Cheers
> > > Xiaobiao
> > 
> > Hi Xiaobiao,
> > 
> > This is a recurring need from the lxc community... For the moment, 
> the
> > only kernel service that provides PID conversions is 'ancillary 
> > messageson AF_UNIX sockets'. Look for SCM_CREDENTIALS in unix(7). 
> > All you need
> > is connected unix socket between your container and the host system.
> > 
> > Cheers.
> > 
> > -- 
> > Gregory Kurz                                     gkurz at fr.ibm.com
> > Software Engineer @ IBM/Meiosys                  http://www.ibm.com
> > Tel +33 (0)534 638 479                           Fax +33 (0)561 
> > 400 420
> > 
> > "Anarchy is about taking complete responsibility for yourself."
> >        Alan Moore.
> > 
> > 
> ---------------------------------------------------------------------------------------------------
> Confidentiality Notice: The information contained in this e-mail and any accompanying attachment(s) 
> is intended only for the use of the intended recipient and may be confidential and/or privileged of 
> Neusoft Corporation, its subsidiaries and/or its affiliates. If any reader of this communication is 
> not the intended recipient, unauthorized use, forwarding, printing,  storing, disclosure or copying 
> is strictly prohibited, and may be unlawful.If you have received this communication in error,please 
> immediately notify the sender by return e-mail, and delete the original message and all copies from 
> your system. Thank you. 
> ---------------------------------------------------------------------------------------------------

-- 
Gregory Kurz                                     gkurz at fr.ibm.com
Software Engineer @ IBM/Meiosys                  http://www.ibm.com
Tel +33 (0)534 638 479                           Fax +33 (0)561 400 420

"Anarchy is about taking complete responsibility for yourself."
        Alan Moore.