Hi,

>> I think /dev is the safest at the moment. Arguably it's wrong as it's
>> not an actual device node, but it's the only directory that lxc already
>> requires all distros not to mess with (or we wouldn't have working
>> console, tty, ...).
> 
> What are some other alternatives?
> 
> We could use some sysvipc mechanism - just have the container share
> the ipcns with the monitor.

The socket approach has the advantage that it can still be scripted from
the shell - my guess would be that this becomes really hard with sysvipc.

> We could create a directory (default /container, specifiable in
> the container config) where such communication files will be
> mounted.  Let the per-distro templates set up the location and
> the distro-userspace to work together.

Since other people in this thread have expressed interest in having some
general kind of directory to communicate with the container, perhaps
this really is the best idea. Then this would consist of the following:

 1) Create a directory that is shared between host and container
    More specifically:
          - mount a tmpfs with size=512k and nr_inodes=512
            (should be MORE than sufficient to put a few sockets or
            similar there) to /var/lib/lxc/$name/interface (or wherever)
          - just before pivot_root: bind-mount it to /container or
            any place specified in the config

 2) Create a lxc-specific socket inside /var/lib/lxc/$name/interface
    for status notifications when the mainloop is started.

 3) Other applications may choose to put sockets there for their own
    purposes if they wish.

The small tmpfs will make sure that the container can't do a disk space
denial-of-service on the host.

Thoughts?

> Others?

My guess is that other methods would certainly be possible but unless
I'm missing something obvious, I don't think there's anything out there
that isn't quite a bit more complicated than all the solutions discussed
here.

Regards,
Christian
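As an added illustration of the three steps sketched in the message above (this is example code, not code from the thread or from lxc itself): a shell sketch that mounts the small, inode-limited tmpfs on the host side, bind-mounts it into the rootfs just before pivot_root, and then checks against /proc/self/mounts that the shared directory really is a tmpfs carrying both the size and nr_inodes caps, so the container cannot use the shared directory to fill the host's memory or disk. The paths /var/lib/lxc/$name/interface and /container and the limits size=512k, nr_inodes=512 come from the message; the nosuid,nodev,noexec options, the LXC_PATH variable and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example for the lxc-devel discussion; not part of lxc.
# Assumed names: LXC_PATH, the function names below and the extra
# nosuid,nodev,noexec mount options. Paths and limits follow the thread.
set -eu

LXC_PATH="${LXC_PATH:-/var/lib/lxc}"
IFACE_SIZE="512k"     # tmpfs size cap from the thread
IFACE_INODES=512      # tmpfs inode cap from the thread

# Step 1a (host side, needs CAP_SYS_ADMIN): mount the limited tmpfs that
# will hold the status socket and any other communication files.
setup_interface_dir() {
    name="$1"
    dir="$LXC_PATH/$name/interface"
    mkdir -p "$dir"
    mount -t tmpfs \
        -o "size=$IFACE_SIZE,nr_inodes=$IFACE_INODES,nosuid,nodev,noexec" \
        tmpfs "$dir"
    chmod 0755 "$dir"
}

# Step 1b (container setup, just before pivot_root): bind the shared
# directory to /container or to the location given in the config.
bind_interface_dir() {
    name="$1"; rootfs="$2"; target="${3:-/container}"
    mkdir -p "$rootfs$target"
    mount --bind "$LXC_PATH/$name/interface" "$rootfs$target"
}

# Check a single /proc/self/mounts line: it must describe a tmpfs at the
# given mountpoint and carry both a size= and an nr_inodes= cap.
# Returns 0 when the line passes, 1 otherwise.
check_mount_line() {
    line="$1"; mnt="$2"
    set -- $line
    [ $# -ge 4 ] || return 1
    [ "$2" = "$mnt" ] || return 1
    [ "$3" = "tmpfs" ] || return 1
    opts="$4"
    case ",$opts," in *,size=*) ;; *) return 1 ;; esac
    case ",$opts," in *,nr_inodes=*) ;; *) return 1 ;; esac
    return 0
}

# Walk the mounts table (default /proc/self/mounts; a file can be passed
# for testing) and succeed only if the mountpoint is a properly capped tmpfs.
verify_interface_mount() {
    mnt="$1"; mounts="${2:-/proc/self/mounts}"
    while IFS= read -r line; do
        case "$line" in
            *" $mnt "*) check_mount_line "$line" "$mnt" && return 0 ;;
        esac
    done < "$mounts"
    return 1
}
```

A monitor would run setup_interface_dir once per container, call bind_interface_dir from the pre-pivot_root setup path, and run verify_interface_mount before creating the status socket, refusing to start if the directory is not the capped tmpfs it expects (for instance because a distro template or an admin replaced it with a plain directory on the host filesystem).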

Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel