[Lxc-users] Executing a command inside a running container?

[Marco d'Itri]

serue at us.ibm.com wrote:

>Just to be clear, it's the namespaces, not the cgroups, which don't
>allow this.  We've floated 'sys_hijack' a few times as a way to create
>a child which actually inherits its namespaces from a different specified
>task, which would give you what you need, but it's a tough sell since
>userspace can work around it.
I have a slightly different requirement: I need a way to move the
*current* process inside an existing namespace (and its associated
cgroups).
I use this on custom openvz-based systems to support very lightweight
containers which can use e.g. sshd and cron from the host system thanks
to a libpam_vz module which transparently enters the container when
needed.

This is very easy to implement with the openvz kernel (just add errors
checking):

    vzfd = open(VZCTLDEV, O_RDWR);
    setluid(veid);
    env_create.veid = veid;
    env_create.flags = VE_ENTER;
    ioctl(vzfd, VZCTL_ENV_CREATE, &env_create);
    close(vzfd);

but I really want to move away from openvz since clearly Parallels
only cares about supporting RHEL and has not released yet a 2.6.32
kernel.

libpam_vz is GPL'ed: http://ftp.linux.it/pub/People/md/libpam-vz/ .

Is there any way to do this with containers?

-- 
ciao,
Marco