[Lxc-users] Lxc-users Digest, Vol 30, Issue 11

Matteo Bernardini matteo.bernardini at gmail.com
Mon Jun 18 07:25:34 UTC 2012


in the latest versions of lxc, a man page has been added, I'll copy
and paste from that for your reference

- - -

LXC-ATTACH(1)

                                      LXC-ATTACH(1)

NAME
       lxc-attach - start a process inside a running container.

SYNOPSIS
       lxc-attach -n name [-a arch] [-e] [-- command]

DESCRIPTION
       lxc-attach runs the specified command inside the container
specified by name. The container has to be running already.

       If no command is specified, the current default shell of the
user running lxc-attach will be looked up inside the container and
executed. This will fail if no such user exists inside the container
or the container does not have a working nsswitch mechanism.

OPTIONS
          -a, --arch arch
              Specify the architecture which the kernel should appear
to be running as to the command executed. This option will accept the
same settings as the  lxc.arch  option  in  container    configuration
files, see lxc.conf(5). By default, the current archictecture of the
running container will be used.

          -e, --elevated-privileges
              Do  not drop privileges when running command inside the
container. If this option is specified, the new process will not be
added to the container's cgroup(s) and it will not drop  its
capabilities before executing.

              Warning: This may leak privileges into the container if
the command starts subprocesses that remain active after the main
process that was attached is terminated. The  (re-)starting of daemons
inside the container is problematic, especially if the daemon starts a
lot of subprocesses such as cron or sshd.  Use with great care.

COMMON OPTIONS
       These options are common to most of lxc commands.

       -?, -h, --help
              Print a longer usage message than normal.

       --usage
              Give the usage message

       -q, --quiet
              mute on

       -o, --logfile=FILE
              Output to an alternate log FILE. The default is no log.

       -l, --logpriority=LEVEL
              Set log priority to LEVEL. The default log priority is
ERROR. Possible values are : FATAL, CRIT, WARN, ERROR, NOTICE, INFO,
DEBUG.

              Note that this option is setting the priority of the
events log in the alternate log file. It do not have effect on the
ERROR events log on stderr.

       -n, --name=NAME
              Use container identifier NAME.  The container identifier
format is an alphanumeric string.

EXAMPLES
       To spawn a new shell running inside an existing container, use

                 lxc-attach -n container

       To restart the cron service of a running Debian container, use

                 lxc-attach -n container -- /etc/init.d/cron restart

       To deactivate the network link eth1 of a running container that
does not have the NET_ADMIN capability, use the -e option to use
increased capabilities:

                 lxc-attach -n container -e -- /sbin/ip link delete eth1

SECURITY
       The -e should be used with care, as it may break the isolation
of the containers if used improperly.

SEE ALSO
       lxc(1),  lxc-create(1),  lxc-destroy(1),  lxc-start(1),
lxc-stop(1),  lxc-execute(1), lxc-kill(1), lxc-console(1),
lxc-monitor(1), lxc-wait(1), lxc-cgroup(1), lxc-ls(1), lxc-ps(1), lxc-
       info(1), lxc-freeze(1), lxc-unfreeze(1), lxc-attach(1), lxc.conf(5)

AUTHOR
       Daniel Lezcano <daniel.lezcano at free.fr>




More information about the lxc-users mailing list