Please stop discussing this here. Aside from the fact that your goal is insulting to your users and anathema to open source, containers can not help you with your goal. Users always have been able to, as root on the host, ptrace-attach to your task. Options like disabling the pidns (which Vijay was suggesting) or using a custom LSM require you to prevent the user from running a custom kernel.
Perhaps you really want to sell your software on a little usb-disk-sized mini-processor talking to the user's computer over usb3. That would be more platform-independent, safer for you, and safer for the user, and given the value you place on your software should be worth the cost.

Quoting Claudio Cesar Sanchez Tejeda ([email protected]):
> Thanks!
>
> But... how can I remove the pid of the namespace?
>
> What functionalities are we going to lose by removing the pid?
>
> Regards.
>
> On Fri, Jan 9, 2015 at 9:02 PM, Vijay Viswanathan <[email protected]>
> wrote:
> > There is no straightforward way.
> >
> > There is one hack with some functionality sacrifice.
> > You could remove the pid namespace and start your container and
> > lxc-attach will break.
> >
> > lxc-attach: No such file or directory - failed to open '/proc/4579/ns/pid'
> > lxc-attach: failed to enter the namespace
> >
> > On Tue, Jan 6, 2015 at 11:15 AM, Claudio Cesar Sanchez Tejeda
> > <[email protected]> wrote:
> >> Hi,
> >>
> >> Does someone know how I can disable the lxc-attach command / functionality?
> >>
> >> I want to create a complete isolated LXC container, and I don't want
> >> that someone could start processes or enter to the container using a
> >> shell (or run commands).
> >>
> >> Regards.
> >> _______________________________________________
> >> lxc-users mailing list
> >> [email protected]
> >> http://lists.linuxcontainers.org/listinfo/lxc-users
