[lxc-devel] [PATCH] Add mechanism for container to notify host about end of boot

Christian Seiler christian at iwakd.de
Wed Sep 19 18:22:08 UTC 2012


Hi,

>> I think /dev is the safest at the moment. Arguably it's wrong as it's
>> not an actual device node, but it's the only directory that lxc already
>> requires all distros not to mess with (or we wouldn't have working
>> console, tty, ...).
> 
> What are some other alternatives?
> 
> We could use some sysvipc mechanism - just have the container share
> the ipcns with the monitor.

The socket approach has the advantage that it can still be scripted from
the shell - my guess would be that this becomes really hard with sysvipc.

> We could create a directory (default /container, specifiable in
> the container config) where such communication files will be
> mounted.  Let the per-distro templates set up the location and
> the distro-userspace to work together.

Since other people in this thread have expressed interest in having some
general kind of directory to communicate with the container, perhaps
this really is the best idea. Then this would consist of the following:

 1) Create a directory that is shared between host and container
    More specifically:
          - mount a tmpfs with size=512k and nr_inodes=512
            (should be MORE than sufficient to put a few sockets or
            similar there) to /var/lib/lxc/$name/interface (or wherever)
          - just before pivot_root: bind-mount it to /container or
            any place specified in the config

 2) Create a lxc-specific socket inside /var/lib/lxc/$name/interface
    for status notifications when the mainloop is started.

 3) Other applications may choose to put sockets there for their own
    purposes if they wish.

The small tmpfs will make sure that the container can't do a disk space
denial-of-service on the host.

Thoughts?

> Others?

My guess is that other methods would certainly be possible but unless
I'm missing something obvious, I don't think there's anything out there
that isn't quite a bit more complicated than all the solutions discussed
here.

Regards,
Christian
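
The socket from step 2 of the proposal above, sketched as an added example; it is not code from this thread or from LXC. It assumes the interface directory already exists (in the proposal, the small tmpfs); the socket name `notify`, the function names and the message text are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#define NOTIFY_NAME "notify"   /* hypothetical socket name, not from the thread */

/* Build dir/NOTIFY_NAME; fail instead of truncating if it overflows sun_path. */
static int iface_addr(const char *dir, struct sockaddr_un *addr)
{
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    int n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s/%s", dir, NOTIFY_NAME);
    return (n < 0 || (size_t)n >= sizeof(addr->sun_path)) ? -1 : 0;
}

/* Host side: bind a datagram socket inside the interface directory. */
int iface_listen(const char *dir)
{
    struct sockaddr_un addr;
    if (iface_addr(dir, &addr) < 0) return -1;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    unlink(addr.sun_path);  /* remove a stale socket left by a previous run */
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { close(fd); return -1; }
    return fd;
}

/* Container side: send one status datagram through the bind-mounted path. */
int iface_notify(const char *dir, const char *msg)
{
    struct sockaddr_un addr;
    if (iface_addr(dir, &addr) < 0) return -1;
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd < 0) return -1;
    ssize_t n = sendto(fd, msg, strlen(msg), 0, (struct sockaddr *)&addr, sizeof(addr));
    close(fd);
    return n == (ssize_t)strlen(msg) ? 0 : -1;
}

/* Host side: read one message into a bounded buffer; container input is untrusted. */
int iface_wait(int fd, char *buf, size_t len)
{
    if (len == 0) return -1;
    ssize_t n = recv(fd, buf, len - 1, 0);
    if (n < 0) return -1;
    buf[n] = '\0';
    return (int)n;
}
```

The host calls `iface_listen()` on its view of the directory and the container calls `iface_notify()` on the bind-mounted path; anything longer than the host's buffer is truncated rather than overflowing it.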
