[lxc-users] docker in lxc
Serge Hallyn
serge.hallyn at ubuntu.com
Fri Nov 6 22:52:59 UTC 2015
Quoting Maxim Patlasov (mpatlasov at parallels.com):
> Hi Serge,
>
> I had been working for a while on porting proxy-graphdriver-daemon
> to extpoint feature, but then switched to another task. I hope to
> switch back in a week. It would be great if we all together come to
> an agreement about a universal way to mount something from host to
> container namespace. The simplest way would be to specify the pid of
> container "init" as a command-line arg of proxy-daemon, so it could
> use the pid for setns(2) directly. Is such an approach safe enough
> and will it work for all of us?

Surely safe enough.  It's too bad that it requires a graphdriver
per docker-using container, and that it breaks up the container
start (I can't start the graphdriver first and just pass the unix
socket into the container), but I think it's ok.

In general, what do we need exactly?

 1. Some way to identify target pid.  We can
    a. pass pid to graphdriver on cmdline
    b. we can get pid from peercred
 2. A MS_SLAVE directory to allow the mount to be passed from the
    host to the container (whereupon it can be moved to its final
    destination).  This path location needs to be passed to the
    graphdriver somehow.  In what you suggest we can just pass the
    absolute paths (both on the host and in the container) on the
    command line as well.
 3. An actual request, presumably sent as
        some-host-dev-id destination-path
    over a unix socket.
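
An added sketch of option 1b and item 3 from the message above (not part of the original post, and not code from LXC or Docker): the daemon reads the peer pid from the kernel with SO_PEERCRED instead of trusting a value supplied by the client, then parses and checks the request line. The function names, the newline framing and the rule that the destination must be absolute with no ".." component are assumptions made for this example.

```c
#define _GNU_SOURCE            /* for struct ucred */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Option 1b: the kernel reports who connected; the client cannot forge it.
 * Returns the peer pid as seen from our pid namespace, or -1 on error. */
pid_t peer_pid(int sock)
{
    struct ucred cred;
    socklen_t len = sizeof(cred);
    int rc = getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cred, &len);
    return (rc == 0 && len == sizeof(cred)) ? cred.pid : -1;
}

/* Item 3: split "<host-dev-id> <destination-path>" (newline framing assumed).
 * Rejects relative destinations and any ".." component. 0 = ok, -1 = reject. */
int parse_request(const char *line, char *dev, size_t devsz, char *dst, size_t dstsz)
{
    const char *sp = strchr(line, ' ');
    if (!sp || sp == line || sp[1] != '/')
        return -1;
    size_t dlen = (size_t)(sp - line), plen = strcspn(sp + 1, "\n");
    if (dlen >= devsz || plen >= dstsz)
        return -1;
    memcpy(dev, line, dlen);   dev[dlen] = '\0';
    memcpy(dst, sp + 1, plen); dst[plen] = '\0';
    /* dst[0] is '/', so p[-1] is always inside the buffer here */
    for (const char *p = dst; (p = strstr(p, "..")) != NULL; p += 2)
        if (p[-1] == '/' && (p[2] == '/' || p[2] == '\0'))
            return -1;
    return 0;
}

/* Constructed check: both ends of a socketpair belong to this process. */
pid_t socketpair_peer_pid(void)
{
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid_t pid = peer_pid(sv[0]);
    close(sv[0]); close(sv[1]);
    return pid;
}

int main(void)
{
    printf("peer pid %d, own pid %d\n", (int)socketpair_peer_pid(), (int)getpid());
    return 0;
}
```

The credentials returned by SO_PEERCRED are the ones recorded when the socket was connected, so the pid identifies the process that opened the connection, not whichever process later holds the file descriptor.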