[Lxc-users] Hide container processes on the host...

David Touzeau david at touzeau.eu
Wed May 4 22:54:48 UTC 2011 

Le jeudi 05 mai 2011 à 00:35 +0200, Papp Tamas a écrit :

> On 05/05/2011 12:14 AM, David Touzeau wrote:
> > Dear,
> >
> > I have an issue about hide processes on the host
> >
> > I have a watchdog script on the host that ensure  slapd is up
> >
> > there is different behavior using pidof or pgrep
> >
> > the ps aux output
> >
> > # ps aux|grep slapd
> > root      2444  0.0  0.2 149296  6816 ?        Ssl  May03
> > 1:21 /usr/sbin/slapd -4 -u root -g root -f /etc/ldap/slapd.conf -h
> > ldap://127.0.0.1:389/
> > root     23279  0.0  0.1  29040  6176 ?        Ssl  23:40
> > 0:00 /usr/sbin/slapd -4 -u root -g root -f /etc/openldap/slapd.conf -h
> > ldap://127.0.0.1:389/
> >
> > Has we can see: The process 23279 running inside the container
> >
> > the pgrep output the same output
> > # pgrep -l -f "/usr/sbin/slapd"
> > 2444 /usr/sbin/slapd -4 -u root -g root -f /etc/ldap/slapd.conf -h
> > ldap://127.0.0.1:389/
> > 23279 /usr/sbin/slapd -4 -u root -g root -f /etc/openldap/slapd.conf -h
> > ldap://127.0.0.1:389
> >
> > Only the pidof point to the right process
> > # pidof /usr/sbin/slapd
> > 2444
> >
> > The problem is when the slapd process on the host is down, my script
> > detect the container process, it think that slpad is up and did not
> > react.
> >
> > I have searched if there is some "pointers" on the host inside
> > the /proc/xxx directory (eg /proc/status, /proc/cmdline )  that shgould
> > helps my script to detecting that the process is not a "host" process
> > but no luck.
> 
> host:
> $ cat /proc/744/cgroup
> 1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset:/
> 
> 
> container:
> $ cat /proc/25924/cgroup
> 1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset:/svn
> 
> In other word, if /proc/PID/cgroup exists and in it / is not the last 
> character, then it's a container process.
> 
> tamas




ho!

Very good point !
i will try it in my script
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20110505/b713e3be/attachment.html>

More information about the lxc-users mailing list