[Lxc-users] Hide container processes on the host...

Papp Tamas tompos at martos.bme.hu
Wed May 4 22:37:45 UTC 2011


On 05/05/2011 12:14 AM, David Touzeau wrote:
> Dear,
>
> I have an issue with hiding processes on the host
>
> I have a watchdog script on the host that ensures slapd is up
>
> there is different behavior using pidof or pgrep
>
> the ps aux output
>
> # ps aux|grep slapd
> root      2444  0.0  0.2 149296  6816 ?        Ssl  May03
> 1:21 /usr/sbin/slapd -4 -u root -g root -f /etc/ldap/slapd.conf -h
> ldap://127.0.0.1:389/
> root     23279  0.0  0.1  29040  6176 ?        Ssl  23:40
> 0:00 /usr/sbin/slapd -4 -u root -g root -f /etc/openldap/slapd.conf -h
> ldap://127.0.0.1:389/
>
> As we can see, the process 23279 is running inside the container
>
> pgrep gives the same output
> # pgrep -l -f "/usr/sbin/slapd"
> 2444 /usr/sbin/slapd -4 -u root -g root -f /etc/ldap/slapd.conf -h
> ldap://127.0.0.1:389/
> 23279 /usr/sbin/slapd -4 -u root -g root -f /etc/openldap/slapd.conf -h
> ldap://127.0.0.1:389
>
> Only the pidof point to the right process
> # pidof /usr/sbin/slapd
> 2444
>
> The problem is when the slapd process on the host is down, my script
> detects the container process, thinks that slapd is up and does not
> react.
>
> I have searched for some "pointers" on the host inside
> the /proc/xxx directory (e.g. /proc/status, /proc/cmdline) that should
> help my script detect that the process is not a "host" process,
> but no luck.

hi!

host:
$ cat /proc/744/cgroup
1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset:/

container:
$ cat /proc/25924/cgroup
1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset:/svn


In other words, if /proc/PID/cgroups exists and its last character is 
not /, then it's a container process.

tamas
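
The check from the reply, written as a helper for the watchdog script (an added example, not code from the thread). It reads /proc/PID/cgroup, as in the commands shown above, and counts a PID as a host process only when the path of every hierarchy is exactly `/`. The function names, the `PROC_ROOT` variable and the demo tree are assumptions made here, and it assumes, like the host shown above, that host processes sit in the root cgroup.

```shell
#!/bin/sh
# PROC_ROOT is a hypothetical override so the check can run on a constructed tree.
PROC_ROOT="${PROC_ROOT:-/proc}"

# is_host_pid PID
#   0 = every hierarchy path is "/"  (host process)
#   1 = at least one path is not "/" (container process)
#   2 = cgroup file missing/empty    (process gone, or no cgroup support)
is_host_pid() {
    f="$PROC_ROOT/$1/cgroup"
    [ -r "$f" ] || return 2
    seen=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        seen=1
        # Line format: hierarchy-id:controllers:path -> strip the first two fields.
        path=${line#*:}
        path=${path#*:}
        [ "$path" = "/" ] || return 1
    done < "$f"
    [ "$seen" -eq 1 ] || return 2
    return 0
}

# filter_host_pids PID... : print only the PIDs that belong to the host.
# Unknown PIDs (status 2) are dropped, so a vanished process never counts as "up".
filter_host_pids() {
    for pid in "$@"; do
        if is_host_pid "$pid"; then printf '%s\n' "$pid"; fi
    done
}

# Watchdog use, with the slapd path from the question:
#   host_pids=$(filter_host_pids $(pgrep -f /usr/sbin/slapd))
#   [ -n "$host_pids" ] || echo "host slapd is down"

# Constructed demo: a fake proc tree holding the two cgroup lines quoted in the
# reply, filed under the two slapd PIDs from the question. Runs in a subshell.
demo() (
    PROC_ROOT=$(mktemp -d)
    mkdir "$PROC_ROOT/2444" "$PROC_ROOT/23279"
    c='1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset'
    printf '%s:/\n' "$c" > "$PROC_ROOT/2444/cgroup"
    printf '%s:/svn\n' "$c" > "$PROC_ROOT/23279/cgroup"
    filter_host_pids 2444 23279
    rm -rf "$PROC_ROOT"
)
```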



