[Lxc-users] Hiding container processes from Host/HN's 'ps'
Serge Hallyn
serge.hallyn at canonical.com
Tue May 3 14:47:46 UTC 2011

Quoting ian sison (mailing list) (ian.sison at gmail.com):
> Hi all -
>
> In openvz, a certain sysctl parameter,
>
> kernel.pid_ns_hide_child = 1
>
> when executed at HN system startup will hide any processes that run
> inside the running containers from appearing in the output of 'ps'.
> This makes for a cleaner 'ps' output in the hardware node, and
> prevents inadvertent container malfunctions when something like
> 'killall -9 httpd' is executed in the command line of the HN.
>
> How can I do the same with LXC? My Google searches draw up a blank.

It's not currently implemented anywhere that I know of, but you should
be able to pretty easily hack lxc-ps (take a look at the script) to show
you all tasks which are not in a container. I think that would be a
nice patch to push to upstream lxc-ps. 'lxc-ps --host' or something.
thanks,
-serge
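
An added example, not part of the original post and not code from lxc-ps: one way to list only the tasks that are not in a container, and to match a process name among those alone, so that a host-side `killall` equivalent cannot touch container processes. It assumes a kernel that exposes `/proc/<pid>/ns/pid` (newer than the kernels current when this thread was written) and containers that run in their own PID namespace; `host_pids` and `host_pgrep` are hypothetical names.

```shell
#!/bin/sh
# Added example (not from lxc-ps). A task counts as "host" when its PID
# namespace link equals that of PID 1 on the host.
# Assumptions: /proc/<pid>/ns/pid exists; run as root so every link is
# readable; a container sharing the host PID namespace is reported as host.

# host_pids [PROC_ROOT] : print one host-namespace PID per line.
host_pids() {
    proc_root=${1:-/proc}
    # Reference namespace: the host's init.
    host_ns=$(readlink "$proc_root/1/ns/pid" 2>/dev/null) || return 1
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        # Task exited mid-scan or link unreadable: skip it rather than
        # guess. Skipping is the safe side for anything that sends signals.
        ns=$(readlink "$dir/ns/pid" 2>/dev/null) || continue
        if [ "$ns" = "$host_ns" ]; then
            echo "${dir##*/}"
        fi
    done
    return 0
}

# host_pgrep NAME [PROC_ROOT] : PIDs of host-only tasks whose comm is NAME.
host_pgrep() {
    name=$1
    proc_root=${2:-/proc}
    host_pids "$proc_root" | while read -r pid; do
        comm=$(cat "$proc_root/$pid/comm" 2>/dev/null) || continue
        if [ "$comm" = "$name" ]; then
            echo "$pid"
        fi
    done
}
```

On the hardware node, `host_pgrep httpd` prints only the host's own httpd PIDs; any signal would then be sent to that list instead of using a name-wide `killall`.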