[Lxc-users] Hiding container processes from Host/HN's 'ps'

ian sison (mailing list) ian.sison at gmail.com
Tue May 3 15:21:09 UTC 2011


Thanks all for your answers.  At least I won't need to scrape any more
Google results for answers to this.

As mentioned, it would certainly be a useful patch if ever it gets
implemented in mainline.  I hope someone from the lxc
kernel developers is listening to this thread... :)

- Ian


On Tue, May 3, 2011 at 10:59 PM, Greg Kurz <gkurz at fr.ibm.com> wrote:
> On Tue, 2011-05-03 at 09:47 -0500, Serge Hallyn wrote:
>> Quoting ian sison (mailing list) (ian.sison at gmail.com):
>> > Hi all -
>> >
>> > In openvz, a certain sysctl parameter,
>> >
>> > kernel.pid_ns_hide_child = 1
>> >
>> > when executed at HN system startup will hide any processes that run
>> > inside the running containers from appearing in the output of 'ps'.
>> > This makes for a cleaner 'ps' output in the hardware node, and
>> > prevents inadvertent container malfunctions when something like
>> > 'killall -9 httpd' is executed in the command line of the HN.
>> >
>> > How can I do the same with LXC?  My Google searches draw up a blank.
>>
>> It's not currently implemented anywhere that I know of, but you should
>> be able to pretty easily hack lxc-ps (take a look at the script) to show
>> you all tasks which are not in a container.  I think that would be a
>> nice patch to push to upstream lxc-ps.  'lxc-ps --host' or something.
>>
>
> That would be a nice to have _best effort_ solution indeed. But it
> wouldn't solve the general use case like killing a task with killall or
> top for example.
>
> Cheers.
>
>> thanks,
>> -serge
>>
>
> --
> Gregory Kurz                                     gkurz at fr.ibm.com
> Software Engineer @ IBM/Meiosys                  http://www.ibm.com
> Tel +33 (0)534 638 479                           Fax +33 (0)561 400 420
>
> "Anarchy is about taking complete responsibility for yourself."
>        Alan Moore.
>
>
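
Serge's suggestion of listing only the tasks that are not in a container, sketched as an added example (not part of the thread and not lxc-ps code). It assumes a kernel that exposes /proc/<pid>/ns/pid and that each container runs in its own PID namespace; the function names and the sample tree are constructed for illustration. Tasks whose namespace cannot be read are left out rather than assumed to belong to the host.

```python
import os
import tempfile

def pid_namespace(proc_root, pid):
    """Return the PID-namespace link text for pid, or None if unreadable."""
    try:
        return os.readlink(os.path.join(proc_root, str(pid), "ns", "pid"))
    except OSError:  # task exited mid-scan, or no permission to inspect it
        return None

def host_only_tasks(proc_root="/proc"):
    """List (pid, comm) for tasks that share PID 1's PID namespace."""
    host_ns = pid_namespace(proc_root, 1)
    if host_ns is None:
        raise PermissionError("cannot read PID 1's namespace; run as root")
    tasks = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        if pid_namespace(proc_root, entry) != host_ns:
            continue  # container task, or unknown: never report it as host
        try:
            with open(os.path.join(proc_root, entry, "comm")) as f:
                comm = f.read().strip()
        except OSError:
            continue  # task vanished between the two reads
        tasks.append((int(entry), comm))
    return sorted(tasks)

def build_sample_proc():
    """Constructed /proc-like tree: two host tasks, one container httpd,
    and one task whose namespace link is unreadable."""
    root = tempfile.mkdtemp()
    sample = {1: ("init", "pid:[4026531836]"),
              812: ("httpd", "pid:[4026531836]"),
              2301: ("httpd", "pid:[4026532201]"),
              2400: ("sshd", None)}
    for pid, (comm, ns) in sample.items():
        os.makedirs(os.path.join(root, str(pid), "ns"))
        with open(os.path.join(root, str(pid), "comm"), "w") as f:
            f.write(comm + "\n")
        if ns:
            os.symlink(ns, os.path.join(root, str(pid), "ns", "pid"))
    return root

if __name__ == "__main__":
    for pid, comm in host_only_tasks():
        print(pid, comm)
```

As Greg notes in the thread, a filtered listing like this does not change what killall or top see on the host.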



