Hi there, this is my third (and hopefully final :)) patch series for partial namespaces in lxc-attach. I've made the following changes to the previous versions:
- Split up the patches a tiny bit more, should make the changes a bit clearer. - I actually encountered a problem with pid namespaces that I introduced when I first added cgroup attaching support to lxc-attach: For pid namespaces, only the children of the process doing setns() are really 100% in the namespace, so the process doing setns() won't get a new pid and if that process remounts /proc, it will still show the host's and not the container's contents. So I've changed it up a bit to make the setns() call again before the fork() - but then I had to adapt the cgroup logic. The current solution is the simplest I could come up with. This is the patch #2. - lxc-start now has a command interface (patch #1) that is used to retrieve the clone flags and to attach only to those namespaces when running lxc-attach without any parameters (patch #3) Regards, Christian ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
