[Lxc-users] Hide container processes on the host...

David Touzeau david at touzeau.eu
Wed May 4 22:14:01 UTC 2011


Dear, 

I have an issue with hiding processes on the host.

I have a watchdog script on the host that ensures slapd is up.

There is different behavior when using pidof or pgrep.

The ps aux output:

# ps aux|grep slapd
root      2444  0.0  0.2 149296  6816 ?        Ssl  May03   1:21 /usr/sbin/slapd -4 -u root -g root -f /etc/ldap/slapd.conf -h ldap://127.0.0.1:389/
root     23279  0.0  0.1  29040  6176 ?        Ssl  23:40   0:00 /usr/sbin/slapd -4 -u root -g root -f /etc/openldap/slapd.conf -h ldap://127.0.0.1:389/

As we can see, process 23279 is running inside the container.

pgrep gives the same output:
# pgrep -l -f "/usr/sbin/slapd"
2444 /usr/sbin/slapd -4 -u root -g root -f /etc/ldap/slapd.conf -h ldap://127.0.0.1:389/
23279 /usr/sbin/slapd -4 -u root -g root -f /etc/openldap/slapd.conf -h ldap://127.0.0.1:389

Only pidof points to the right process:
# pidof /usr/sbin/slapd
2444

The problem is that when the slapd process on the host is down, my script
detects the container process, thinks that slapd is up, and does not
react.

I have searched for some "pointers" on the host inside
the /proc/xxx directory (e.g. /proc/status, /proc/cmdline) that should
help my script detect that the process is not a "host" process,
but no luck.

The only way is to write a function that parses the result of
#lxc-ps --lxc aux|grep ldap
to detect/return the slapd pid to the main script in order to force it to
bypass this pid in the detection method.

But this kind of solution is heavy when there are several
containers running on the same host and when you need to do the same
task with apache or mysql or any software that runs many children
(postfix, amavisd-new, squid...).

I have read some posts on the mailing list saying that there is currently
no solution to fix this situation with LXC.
Is there a way to hide container processes without LXC's help?
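
Editor's added example, not part of the original message and not LXC code: a watchdog helper that keeps only the matching PIDs sharing the PID namespace of a reference process, so a container's slapd is never counted as the host's. It assumes a kernel that exposes /proc/<pid>/ns/pid (Linux 3.8 or later, newer than this post) and a root caller; host_pids and PROC_ROOT are hypothetical names.

```shell
#!/bin/sh
# Added example: list PIDs whose argv[0] equals a given path AND that live
# in the same PID namespace as a reference PID (use $$ or 1 on the host).
# Assumption: /proc/<pid>/ns/pid exists (Linux >= 3.8) and is readable,
# which for other users' processes means running as root.
# PROC_ROOT is a hypothetical override so the logic can be exercised
# against a constructed directory tree instead of the live /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# host_pids REFERENCE_PID PATH
# Prints one PID per line. Returns 0 if at least one process matched,
# 1 if none matched, 2 if the reference namespace could not be read.
host_pids() {
    ref_pid=$1
    pattern=$2
    ref_ns=$(readlink "$PROC_ROOT/$ref_pid/ns/pid") || return 2
    found=1
    for dir in "$PROC_ROOT"/[0-9]*; do
        [ -r "$dir/cmdline" ] || continue
        # cmdline is NUL-separated; make it space-separated for matching.
        cmd=$(tr '\0' ' ' < "$dir/cmdline")
        case $cmd in
            "$pattern "*) ;;      # argv[0] is exactly the requested path
            *) continue ;;        # kernel threads, grep itself, others
        esac
        # The link target looks like "pid:[4026531836]"; a container's
        # processes carry a different inode number than the host's.
        ns=$(readlink "$dir/ns/pid" 2>/dev/null) || continue
        if [ "$ns" = "$ref_ns" ]; then
            echo "${dir##*/}"
            found=0
        fi
    done
    return $found
}

# Usage in a watchdog running on the host:
#   host_pids $$ /usr/sbin/slapd >/dev/null || restart_slapd_somehow
```

On kernels without /proc/<pid>/ns/pid the function returns 2, and the caller should treat that as "unknown" rather than "down".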