[lxc-devel] [PATCH v2] lxc-attach: Consider cgroups/personality/capabilities of container

Christian Seiler christian at iwakd.de
Thu Feb 9 14:33:06 UTC 2012


Hi,

This is the new version of my patch that implements the features discussed
in the previous thread.

 - The current status of the container is now read from /proc/init_pid/*,
   where init_pid is the pid of the container's init process.
 - By default:
    * The attached process acquires the personality of the container (i.e.
      architecture: 32bit vs. 64bit)
    * The attached process drops its capabilities according to those of the
      container
    * The attached process is put into the same cgroup as the container
      itself
 - Overrides:
    * -a/--arch option to set the architecture which the attached process
      sees manually
    * -e/--elevated-privileges option to stop the attached process from being
      put in the same cgroup as the container and to let it retain the
      capability bounding set it already possesses.
 - Add a manual page for lxc-attach(1)

Regards,
Christian
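
Added example, not code from the patch: one way the default capability drop described above can be derived from /proc/init_pid/status. It assumes the container's bounding set is read from the CapBnd line of that file; the function names and the sample status text are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Extract the capability bounding set from the text of /proc/<pid>/status.
 * Returns 0 on success, -1 if no well-formed "CapBnd:" line is present. */
static int parse_capbnd(const char *status, uint64_t *bnd)
{
    const char *line = status;
    while (line && *line) {
        if (strncmp(line, "CapBnd:", 7) == 0) {
            unsigned long long v;
            if (sscanf(line + 7, "%llx", &v) != 1)
                return -1;
            *bnd = v;
            return 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* List capability numbers present in 'own' but absent from 'target'.
 * Each one would be passed to prctl(PR_CAPBSET_DROP, cap) before exec. */
static int caps_to_drop(uint64_t own, uint64_t target, int *out, int max)
{
    int n = 0;
    for (int cap = 0; cap < 64 && n < max; cap++)
        if (((own >> cap) & 1) && !((target >> cap) & 1))
            out[n++] = cap;
    return n;
}

/* Constructed sample: excerpt of a container init's status file. */
static const char SAMPLE_STATUS[] =
    "Name:\tinit\nCapPrm:\tfffffffffffeffff\n"
    "CapEff:\tfffffffffffeffff\nCapBnd:\tffffffffffdeffff\n";

int main(void)
{
    uint64_t bnd; int drop[64];
    if (parse_capbnd(SAMPLE_STATUS, &bnd) != 0) return 1;
    int n = caps_to_drop(~0ULL, bnd, drop, 64);
    for (int i = 0; i < n; i++) printf("drop cap %d\n", drop[i]);
    return 0;
}
```

In the sample, the two bits missing from the container's set are 16 (CAP_SYS_MODULE) and 21 (CAP_SYS_ADMIN), so those are the ones an attaching process with a full bounding set would drop.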




