[lxc-devel] [PATCH v3 0/6] Partial namespaces for lxc-attach
Christian Seiler
christian at iwakd.de
Thu May 24 13:55:53 UTC 2012
Hi there,
this is my third (and hopefully final :)) patch series for partial
namespaces in lxc-attach. I've made the following changes to the previous
versions:
- Split up the patches a tiny bit more, should make the changes a bit
clearer.
- I actually encountered a problem with pid namespaces that I introduced
when I first added cgroup attaching support to lxc-attach: For pid
namespaces, only the children of the process doing setns() are really
100% in the namespace, so the process doing setns() won't get a new pid
and if that process remounts /proc, it will still show the host's and not
the container's contents. So I've changed it up a bit to make the setns()
call again before the fork() - but then I had to adapt the cgroup logic.
The current solution is the simplest I could come up with. This is the
patch #2.
- lxc-start now has a command interface (patch #1) that is used to retrieve
the clone flags and to attach only to those namespaces when running
lxc-attach without any parameters (patch #3)
Regards,
Christian
More information about the lxc-devel
mailing list