[lxc-devel] [PATCH v2] lxc-attach: Consider cgroups/personality/capabilities of container
Christian Seiler
christian at iwakd.de
Fri Feb 17 12:53:52 UTC 2012
Hi there,
> This is the new version of my patch that implements the features discussed
> in the previous thread.
>
> - The current status of the container is now read from /proc/init_pid/*,
>   where init_pid is the pid of the container's init process.
> - By default:
>   * The attached process acquires the personality of the container (i.e.
>     architecture: 32bit vs. 64bit)
>   * The attached process drops its capabilities according to those of the
>     container
>   * The attached process is put into the same cgroup as the container
>     itself
> - Overrides:
>   * -a/--arch option to set the architecture which the attached process
>     sees manually
>   * -e/--elevated-privileges option to stop the attached process from being
>     put in the same cgroup as the container and to let it retain the
>     capability bounding set it already possesses.
> - Add a manual page for lxc-attach(1)
Any comments on this?
Regards,
Christian
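
The capability handling described in the message above, as an added example that is not part of the original post or of the lxc patch. It assumes the container's bounding set is taken from the CapBnd line of /proc/<init_pid>/status (the post only says /proc/init_pid/*); the helper names and the sample status text are constructed for illustration.

```c
/* Added example, not lxc code. Helper names are hypothetical. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/<init_pid>/status excerpt: a container whose bounding
 * set lacks CAP_SYS_MODULE (bit 16) and CAP_SYS_TIME (bit 25). */
static const char SAMPLE_STATUS[] =
    "Name:\tinit\nCapPrm:\t0000001ffdfeffff\n"
    "CapEff:\t0000001ffdfeffff\nCapBnd:\t0000001ffdfeffff\n";

/* Find the line starting with key and parse its hex value.
 * Returns -1 (fail closed) if the field is missing or malformed. */
static int parse_hex_field(const char *text, const char *key, uint64_t *out)
{
    size_t klen = strlen(key);
    for (const char *p = text; p && *p; ) {
        if (strncmp(p, key, klen) == 0) {
            const char *v = p + klen;
            char *end;
            while (*v == ' ' || *v == '\t') v++;
            if (!isxdigit((unsigned char)*v)) return -1;
            *out = strtoull(v, &end, 16);
            return (*end == '\n' || *end == '\0') ? 0 : -1;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Bounding-set bits the caller holds but the container does not; a real
 * implementation would pass each one to prctl(PR_CAPBSET_DROP, cap).
 * elevated models the -e override, which keeps the caller's set. */
static uint64_t caps_to_drop(uint64_t own, uint64_t container, int elevated)
{
    return elevated ? 0 : (own & ~container);
}

int main(void)
{
    uint64_t container, own = 0x1fffffffffULL; /* constructed caller set */
    if (parse_hex_field(SAMPLE_STATUS, "CapBnd:", &container) != 0)
        return 1; /* refuse to attach rather than guess a bounding set */
    uint64_t drop = caps_to_drop(own, container, 0);
    for (int cap = 0; cap < 64; cap++)
        if (drop & (1ULL << cap)) printf("drop capability %d\n", cap);
    return 0;
}
```

Treating a missing or malformed CapBnd line as an error matters here: defaulting to an empty drop mask would attach with the host's full bounding set.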