Quoting Ranjib Dey (dey.ran...@gmail.com):
> Hi,
> Apologies in advance if I'm asking something stupid.
> I'm trying to use nsenter with lxc. It works fine with systemd-nspawn based
> containers, but not with lxc based containers. I'm using Ubuntu 14.04 and
> nsenter from util-linux 2.24 and lxc 1.0.0alpha3. From whatever I can
> search/read on the internet, this does not work, but I'm trying to understand
> why. I can see the /proc/CONTAINER_PID/ns/* entries, and if I understand
> correctly nsenter uses this information to execute commands. What I am not
> able to understand is that nsenter executes successfully but inside the
> container it shows the host OS, with all privileges. I have tried

nsenter won't change your apparmor profile or probably set your caps, so
'with all privileges' is expected unless you are using a user ns. Not sure
what you mean by 'shows the host os'. You mean / is the host's /? That
could be due to the fact that we don't chroot but rather pivot_root, maybe
nsenter doesn't account for that.

> explicitly specifying the container's rootfs and root directory or working
> directory in nsenter, but that does not fix the problem.
>
> I read a couple of mailing list archives on this, and it was recommended not
> to use nsenter against lxc. If anyone can explain why this is so (or give
> some pointers to resources that can explain this), that will be very
> helpful.

It should 'work' in that it should change your namespaces, but nevertheless
I'd recommend using lxc-unshare instead of nsenter.

-serge

_______________________________________________
lxc-users mailing list
lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
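The point made in the reply above (nsenter joins the container's namespaces but leaves the AppArmor profile and capability set of the calling shell untouched) can be checked from the host by comparing `/proc` entries. The following is an added example, not part of the original thread or of lxc or util-linux; the pids, profile label and capability masks in `build_constructed_proc` are constructed sample data, and on a real host you would call `differences()` as root against the default `/proc`.

```python
import os
import tempfile

NS_NAMES = ("mnt", "pid", "net", "uts", "ipc", "user")

def read_confinement(pid, proc="/proc"):
    """Collect namespace ids, AppArmor label and effective caps for one pid."""
    base = os.path.join(proc, str(pid))
    info = {}
    for ns in NS_NAMES:
        try:
            info["ns:" + ns] = os.readlink(os.path.join(base, "ns", ns))
        except OSError:
            info["ns:" + ns] = None  # namespace type not exposed by this kernel
    try:
        with open(os.path.join(base, "attr", "current")) as f:
            info["apparmor"] = f.read().strip()
    except OSError:
        info["apparmor"] = None  # no LSM label available
    info["cap_eff"] = None
    with open(os.path.join(base, "status")) as f:
        for line in f:
            if line.startswith("CapEff:"):
                info["cap_eff"] = line.split()[1]
    return info

def differences(entered_pid, container_pid, proc="/proc"):
    """Fields where a process started via nsenter differs from the container's init."""
    a = read_confinement(entered_pid, proc)
    b = read_confinement(container_pid, proc)
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}

def build_constructed_proc(root):
    """Constructed sample tree: pid 100 = container init, pid 200 = nsenter shell."""
    samples = {100: ("lxc-container-default (enforce)", "0000001fffeeffff"),
               200: ("unconfined", "0000001fffffffff")}
    for pid, (label, caps) in samples.items():
        base = os.path.join(root, str(pid))
        os.makedirs(os.path.join(base, "ns"))
        os.makedirs(os.path.join(base, "attr"))
        for i, ns in enumerate(NS_NAMES):  # both pids share every namespace id
            os.symlink("%s:[%d]" % (ns, 4026532000 + i), os.path.join(base, "ns", ns))
        with open(os.path.join(base, "attr", "current"), "w") as f:
            f.write(label + "\n")
        with open(os.path.join(base, "status"), "w") as f:
            f.write("Name:\tsh\nCapEff:\t%s\n" % caps)
    return root

if __name__ == "__main__":
    root = build_constructed_proc(tempfile.mkdtemp())
    for field, (entered, container) in sorted(differences(200, 100, root).items()):
        print(field, "entered:", entered, "container:", container)
```

An empty result means the entered process is confined like the container's init; any `apparmor` or `cap_eff` entry shows a shell that sits inside the container's namespaces while keeping the host-side profile or capabilities.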