When playing with unshare and LXC, I found that it is easy to start one program in a detached namespace, but starting more programs in the same namespace is not that easy. As far as I know, usually a heavyweight approach with a virtual network and SSH is used, and programs are started inside containers as on a remote host, while I wanted just something like:

    unshare -n one_program
    unshare -n --network-namespace-of `pidof one_program` other_program

This is not available, so I implemented dived and dive: you start "dived" inside a container and use "dive", which connects to the UNIX socket from outside (the socket should be on some filesystem shared between container and host), to start your program inside, like "diving" into the namespace.

This is especially useful when you don't want to run a fully-fledged system with networking, daemons, etc., but want to introduce only some aspects of containers.

Now it supports various options for starting programs (changing user/group, capabilities/securebits, chrooting, starting an external program for authentication), and you can control what should be preserved (argv, environment, FDs, root directory). It can also work as a simple sudo, chroot, unshare, daemon, capsh. The goal is "to start programs in various ways, like 'socat' using sockets in various ways".

There is a less featureful (less bloated) version in the "nocreep" branch.

Usage examples and downloads: http://vi.github.com/dive/
GitHub: https://github.com/vi/dive

There are source and binary deb packages available.

Do you find the project useful? Are there any suggestions?
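
The pattern described above, a daemon on a UNIX socket that starts programs on behalf of an outside client, sketched as an added example (not dive's code or protocol). It assumes the client hands over its stdin/stdout/stderr with SCM_RIGHTS and that the daemon filters callers by the kernel-reported uid (SO_PEERCRED); the JSON framing, socket name and function names are hypothetical.

```python
# Added illustration (Linux only), not dive's code or wire format; demo input is constructed.
import json, os, socket, struct, subprocess, tempfile, threading

def peer_uid(conn):
    # SO_PEERCRED: the kernel, not the client, reports the peer's pid/uid/gid.
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("iII"))
    return struct.unpack("iII", raw)[1]

def serve_once(listener, allowed_uids):
    """Daemon side: accept one client, check it, run its argv on its FDs."""
    conn, _ = listener.accept()
    with conn:
        data, fds, _, _ = socket.recv_fds(conn, 65536, 3)
        try:
            if peer_uid(conn) not in allowed_uids or len(fds) != 3:
                conn.sendall(struct.pack("i", -1))  # refuse: nothing is run
                return
            # The child inherits the daemon's namespaces and root directory,
            # but reads and writes the client's descriptors.
            rc = subprocess.call(json.loads(data), stdin=fds[0], stdout=fds[1],
                                 stderr=fds[2], env={})
            conn.sendall(struct.pack("i", rc))
        finally:
            for fd in fds:
                os.close(fd)

def run_inside(path, argv, fds):
    """Client side: send argv plus three descriptors, return the exit code."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as c:
        c.connect(path)
        socket.send_fds(c, [json.dumps(argv).encode()], list(fds))
        return struct.unpack("i", c.recv(4))[0]

def demo(allowed_uids):
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hypothetical.sock")
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
            listener.bind(path)
            listener.listen(1)
            t = threading.Thread(target=serve_once, args=(listener, allowed_uids))
            t.start()
            r, w = os.pipe()
            null = os.open(os.devnull, os.O_RDWR)
            rc = run_inside(path, ["/bin/sh", "-c", "echo inside"], (null, w, null))
            os.close(w)
            os.close(null)
            t.join()
            with os.fdopen(r, "rb") as f:
                return rc, f.read()
```

Because the socket sits on a filesystem visible from both sides, its directory permissions and a peer check like this one decide who may start programs inside.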