[Lxc-users] Hiding container processes from Host/HN's 'ps'
Greg Kurz
gkurz at fr.ibm.com
Tue May 3 14:59:43 UTC 2011
On Tue, 2011-05-03 at 09:47 -0500, Serge Hallyn wrote:
> Quoting ian sison (mailing list) (ian.sison at gmail.com):
> > Hi all -
> >
> > In openvz, a certain sysctl parameter,
> >
> > kernel.pid_ns_hide_child = 1
> >
> > when executed at HN system startup will hide any processes that run
> > inside the running containers from appearing in the output of 'ps'.
> > This makes for a cleaner 'ps' output in the hardware node, and
> > prevents inadvertent container malfunctions when something like
> > 'killall -9 httpd' is executed in the command line of the HN.
> >
> > How can I do the same with LXC? My Google searches draw up a blank.
>
> It's not currently implemented anywhere that I know of, but you should
> be able to pretty easily hack lxc-ps (take a look at the script) to show
> you all tasks which are not in a container. I think that would be a
> nice patch to push to upstream lxc-ps. 'lxc-ps --host' or something.
>
That would be a nice to have _best effort_ solution indeed. But it
wouldn't solve the general use case like killing a task with killall or
top for example.
Cheers.
> thanks,
> -serge
>
--
Gregory Kurz gkurz at fr.ibm.com
Software Engineer @ IBM/Meiosys http://www.ibm.com
Tel +33 (0)534 638 479 Fax +33 (0)561 400 420
"Anarchy is about taking complete responsibility for yourself."
Alan Moore.
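
Added example (not part of the original thread and not lxc-ps code): one way to build the host-only listing suggested above, keeping only tasks whose PID namespace link matches that of PID 1. It assumes a kernel that exposes /proc/<pid>/ns/pid and enough privilege (normally root) to read it; the function names and the constructed sample tree are illustrative, and as the reply notes this only filters a listing, it does not change what killall or top see.

```shell
#!/bin/sh
# Assumption: /proc/<pid>/ns/pid exists and is readable for every task.

# host_only_pids [PROC_ROOT] -> prints "PID COMM" per host-namespace task
host_only_pids() {
    proc="${1:-/proc}"
    # PID 1 in the given /proc is taken as the host-namespace reference
    host_ns=$(readlink "$proc/1/ns/pid") || return 1
    for d in "$proc"/[0-9]*; do
        # Tasks can exit mid-scan; skip anything we can no longer read
        ns=$(readlink "$d/ns/pid" 2>/dev/null) || continue
        [ "$ns" = "$host_ns" ] || continue
        comm=$(cat "$d/comm" 2>/dev/null) || continue
        printf '%s %s\n' "${d##*/}" "$comm"
    done
}

# host_pids_named NAME [PROC_ROOT] -> PIDs of host tasks called NAME
host_pids_named() {
    host_only_pids "${2:-/proc}" | while read -r pid comm; do
        if [ "$comm" = "$1" ]; then
            printf '%s\n' "$pid"
        fi
    done
}

# make_sample_proc DIR: constructed /proc-like tree for trying this offline
# (columns: PID, command name, PID namespace inode; all values made up)
make_sample_proc() {
    while read -r pid comm ns; do
        mkdir -p "$1/$pid/ns"
        printf '%s\n' "$comm" > "$1/$pid/comm"
        ln -s "pid:[$ns]" "$1/$pid/ns/pid"
    done <<EOF
1 init 4026531836
200 httpd 4026531836
300 httpd 4026532201
301 sshd 4026532201
EOF
}
```

On a real host, `host_pids_named httpd` yields the PIDs to signal one by one instead of running `killall` across every container. A container configured to share the host's PID namespace would be counted as a host task by this check.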