[lxc-devel] [RFC 3/5] added stop-hook entries
Wolfgang Bumiller
w.bumiller at proxmox.com
Tue Sep 29 06:31:54 UTC 2015
> On September 28, 2015 at 5:07 PM Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>
>
> Quoting Wolfgang Bumiller (w.bumiller at proxmox.com):
>
> No signed-off-by
>
> Note this will need a very good description in the documentation,
> to explain that this will run as a child of the monitor in the
> container's namespace, and iiuc with the container under
> $rootfs. so it will want to umount under i.e. LXC_ROOTFS_MOUNT.

It runs in the monitor namespace with references to the container's
namespace via filenames.
AFAIK the container's filesystem isn't actually visible from there
at that point, so LXC_ROOTFS_MOUNT would be empty?

Running "inside" the container's namespace was what I originally had
in mind when I first talked about this, but this doesn't really work.
Simply because I can't exec() a host path inside the mount namespace
of a container since it's not the same file or doesn't exist there.
I could open() a handle first and use fexecve(), but then the
container might lack the necessary libraries or the #!/interpreter.

This, mostly, is why I prefixed it as RFC. I currently pass the
namespace file descriptors as paths to
  $nsname:/proc/$monitorpid/fd/$number
(in the patch you replied to about the asprintf() issue.)

E.g. you get the arguments `mnt:/proc/123/fd/12 pid:/proc/123/fd/13
uts:/proc/123/fd/14 ipc:/proc/123/fd/15 net:/proc/123/fd/16` passed
additionally to the regular hook arguments.
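
Added example, not part of the original mail or of the LXC code: a C helper a hook could use to pick the namespace arguments described above out of its argument list, accepting only the five prefixes and the /proc/<pid>/fd/<n> shape shown in the mail. The name parse_ns_arg and the sample argument list are hypothetical; the returned flag is the nstype to pass to setns(2), which makes the kernel reject a descriptor that refers to a different namespace type.

```c
#include <linux/sched.h>   /* CLONE_NEW* flags used by setns(2); Linux only */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Namespace prefixes named in the mail, with the matching nstype flag. */
static const struct { const char *name; int nstype; } ns_table[] = {
    { "mnt", CLONE_NEWNS },  { "pid", CLONE_NEWPID }, { "uts", CLONE_NEWUTS },
    { "ipc", CLONE_NEWIPC }, { "net", CLONE_NEWNET },
};

/* Parse one "<ns>:/proc/<pid>/fd/<n>" argument (hypothetical helper). Returns
 * the nstype flag and fills *path and *pid, or -1 for any other input. */
int parse_ns_arg(const char *arg, const char **path, long *pid)
{
    const char *colon = strchr(arg, ':'), *p;
    size_t i, d, n = sizeof(ns_table) / sizeof(ns_table[0]);
    size_t len = colon ? (size_t)(colon - arg) : 0;  /* 0 matches no prefix */
    for (i = 0; i < n; i++)
        if (strlen(ns_table[i].name) == len && !strncmp(arg, ns_table[i].name, len))
            break;
    if (i == n || strncmp(colon + 1, "/proc/", 6))
        return -1;
    p = colon + 7;
    d = strspn(p, "0123456789");                     /* <pid>: digits only */
    if (d == 0 || strncmp(p + d, "/fd/", 4))
        return -1;
    *pid = strtol(p, NULL, 10);
    p += d + 4;
    d = strspn(p, "0123456789");                     /* <n>: digits, then end */
    if (d == 0 || p[d] != '\0')
        return -1;
    *path = colon + 1;
    return ns_table[i].nstype;
}

int main(void)
{
    /* Constructed argv tail: regular hook arguments, then the mail's examples. */
    const char *args[] = { "c1", "lxc", "stop", "mnt:/proc/123/fd/12", "net:/proc/123/fd/16" };
    const char *path;
    long pid;
    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        int t = parse_ns_arg(args[i], &path, &pid);
        if (t >= 0)  /* a hook would open(path) and call setns(fd, t) here */
            printf("%s nstype=0x%x (monitor pid %ld)\n", path, (unsigned)t, pid);
    }
    return 0;
}
```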