[Lxc-users] Hiding container processes from Host/HN's 'ps'
Greg Kurz
gkurz at fr.ibm.com
Tue May 3 14:54:14 UTC 2011
On Tue, 2011-05-03 at 18:53 +0800, ian sison (mailing list) wrote:
> Hi all -
>
> In openvz, a certain sysctl parameter,
>
> kernel.pid_ns_hide_child = 1
>
> when executed at HN system startup will hide any processes that run
> inside the running containers from appearing in the output of 'ps'.
> This makes for a cleaner 'ps' output in the hardware node, and
> prevents inadvertent container malfunctions when something like
> 'killall -9 httpd' is executed in the command line of the HN.
>
> How can I do the same with LXC? My Google searches draw up a blank.
>
> - Ian
>
AFAIK, there's no such thing in the mainline kernel for the moment. This
could be valuable though in the scenario you're exposing.
--
Gregory Kurz gkurz at fr.ibm.com
Software Engineer @ IBM/Meiosys http://www.ibm.com
Tel +33 (0)534 638 479 Fax +33 (0)561 400 420
"Anarchy is about taking complete responsibility for yourself."
Alan Moore.
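
A host-side filter for the `killall -9 httpd` hazard raised in this thread, as an added example that is not part of the original messages. It lists only the PIDs of a named command that share PID 1's PID namespace. It assumes a kernel that exposes `/proc/<pid>/ns/pid` (Linux 3.8 or later) and root privileges to read it; the function name `host_pids` is hypothetical.

```shell
#!/bin/sh
# host_pids NAME [PROC_ROOT]
# Print the PIDs of processes whose command name is NAME and whose PID
# namespace is the same as PID 1's, i.e. processes that belong to the host
# and not to a container. PROC_ROOT defaults to /proc (assumption: the
# second argument exists only so the function can be pointed at a test tree).
host_pids() {
    name=$1
    proc=${2:-/proc}

    # The ns/pid symlink reads as "pid:[<inode>]"; equal targets mean the
    # two processes live in the same PID namespace.
    host_ns=$(readlink "$proc/1/ns/pid") || {
        echo "host_pids: cannot read $proc/1/ns/pid (need root, Linux >= 3.8)" >&2
        return 1
    }

    for dir in "$proc"/[0-9]*; do
        # A process may exit while we scan; skip entries that vanish.
        ns=$(readlink "$dir/ns/pid" 2>/dev/null) || continue
        [ "$ns" = "$host_ns" ] || continue        # container process: skip
        # comm holds the command name, truncated by the kernel to 15 chars.
        [ "$(cat "$dir/comm" 2>/dev/null)" = "$name" ] || continue
        echo "${dir##*/}"
    done
}

# Typical use on the host, signalling only host-owned processes
# (-r is the GNU xargs option that skips the command on empty input):
#   host_pids httpd | xargs -r kill -TERM
```

This only narrows what the host administrator signals; container processes still appear in the host's plain `ps` output.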