[lxc-users] `lxc_attach_run_command` vs normal fork/exec

Serge Hallyn serge.hallyn at ubuntu.com
Mon Mar 17 14:55:25 UTC 2014


So you are just asking about lxc_attach_run_fn vs.
lxc_attach_run_command?  They're just both there for convenience.  Use
either one.

Quoting Ranjib Dey (dey.ranjib at gmail.com):
> I do have the isolation, right? Ruby code that's running inside attach can
> not touch host file system, has all the namespace isolation in effect, and
> is under cgroup controls of the container. Any ruby code (say getting
> local users list) executed via attach yields the container's information,
> not host information.
> 
> If I want to run ruby process as service (like a rails based web app) I'll
> certainly install ruby inside the container (might as well just read only
> mount the whole app/ruby installation from host, so that it's not duplicate,
> and I have only one version of my deployment code across containers), but
> for management services (like building the container, injecting dynamic
> properties like ldap, apache config etc) which can be facilitated by
> salt/puppet/chef etc.. why those softwares need to be installed inside the
> container? What about monitoring agents .. will you recommend installing an
> NRPE daemon inside every container?
> 
> Apologies if I'm missing something obvious.. I want isolation, but only for
> the deployed services.. for the rest.. I would prefer to reuse host
> apparatus. And my understanding is with LXC (container in general) this is
> feasible ..
> 
> best, ranjib
> 
> 
> On Fri, Mar 14, 2014 at 11:45 AM, Dan Kegel <dank at kegel.com> wrote:
> 
> > On Fri, Mar 14, 2014 at 11:39 AM, Ranjib Dey <dey.ranjib at gmail.com> wrote:
> > > I am trying to understand what is the benefit of lxc_attach_run_command over
> > > normal fork exec.
> >
> > Isolation.  It's kind of a basic property of containers.  If you don't want
> > isolation, why are you using lxc?
> >
> > lxc_attach_run_command brings nothing over from
> > the host system.  If you want a ruby environment inside the
> > container, you need to set it up there before (or during) doing
> > lxc_attach_run_command.
> > - Dan
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
> >

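The isolation question raised in the thread can be checked from the host by comparing namespace identities. This is an added example, not code from the thread or from the LXC project: the helper names are hypothetical, it uses only libc and the `/proc/<pid>/ns/*` links described in namespaces(7), and it assumes the pid passed on the command line is one visible from the host.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

static const char *const NS_KINDS[] = {"mnt", "pid", "net", "ipc", "uts", "user"};

/* 1 if pid shares the caller's namespace of this kind, 0 if not, -1 if unreadable.
   Same device and inode behind /proc/<pid>/ns/<kind> means same namespace. */
int shares_ns(pid_t pid, const char *kind) {
    char ours[64], theirs[64];
    struct stat a, b;
    snprintf(ours, sizeof ours, "/proc/self/ns/%s", kind);
    snprintf(theirs, sizeof theirs, "/proc/%ld/ns/%s", (long)pid, kind);
    if (stat(ours, &a) != 0 || stat(theirs, &b) != 0)
        return -1;
    return a.st_dev == b.st_dev && a.st_ino == b.st_ino;
}

/* Number of namespace kinds in which pid is separated from the caller. */
int isolated_ns_count(pid_t pid) {
    int n = 0;
    for (size_t i = 0; i < sizeof NS_KINDS / sizeof NS_KINDS[0]; i++)
        n += shares_ns(pid, NS_KINDS[i]) == 0;
    return n;
}

/* Baseline: a plain fork() child, inspected while it blocks on a pipe. */
int plain_fork_isolated_count(void) {
    int fds[2];
    char c;
    if (pipe(fds) != 0) return -1;
    pid_t child = fork();
    if (child < 0) return -1;
    if (child == 0) { close(fds[1]); _exit(read(fds[0], &c, 1) < 0); }
    close(fds[0]);
    int n = isolated_ns_count(child);
    close(fds[1]);                 /* EOF lets the child exit */
    waitpid(child, NULL, 0);
    return n;
}

int main(int argc, char **argv) {
    if (argc > 1)                  /* argv[1]: host-visible pid to inspect (assumption) */
        printf("pid %s: separated in %d namespaces\n", argv[1],
               isolated_ns_count((pid_t)atol(argv[1])));
    printf("plain fork child: separated in %d namespaces\n", plain_fork_isolated_count());
    return 0;
}
```

A plain fork child reports 0 because it inherits every namespace of its parent; reading another user's `/proc/<pid>/ns` entries needs sufficient privilege, otherwise those kinds count as unreadable rather than separated.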