Bug#620921: [lxc-devel] Detecting a non-root container

2011-04-18 Thread Daniel Lezcano

On 04/12/2011 04:14 PM, Marco d'Itri wrote:

On Apr 12, Daniel Lezcano wrote:


At first glance, udev events are supported in the container. But for
the sake of optimization, I recommend not using it, as it will trigger
the events in all the containers.

This looks wrong... containers should not be able to trigger events
which affect the host system.


Yes, I agree. This is something we should take care of at the kernel level.



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org



Bug#620921: [lxc-devel] Detecting a non-root container

2011-04-12 Thread Daniel Lezcano

On 04/11/2011 02:47 AM, Marco d'Itri wrote:

On Apr 06, Daniel Lezcano wrote:


I would not rely on that because lxc may evolve to not use the cgroup if
not present.

If you use upstart, you can check the 'container=lxc' env variable in
the udev init script in order to know if you are in a container.
Otherwise for sysvrc init, I don't know how to handle that.

If the container does not support handling uevents then
/sys/kernel/uevent_helper should not exist. This is how openvz behaves.


At first glance, udev events are supported in the container. But for
the sake of optimization, I recommend not using it, as it will trigger
the events in all the containers.







Bug#620921: [lxc-devel] Detecting a non-root container

2011-04-06 Thread Daniel Lezcano

On 04/05/2011 09:23 PM, Cyril Brulebois wrote:

Hi LXC folks,

from my bug report against udev, so that it doesn't try to start when
running in a non-root container:

Marco d'Itri (05/04/2011):

On Apr 05, Cyril Brulebois wrote:


from a quick glance, it looks like running udev in a linux
container isn't supported, so I guess it might make sense to use a
check similar to is_chrooted in its postinst to decide whether to
start the daemon.

No objections, but please come back with a detection method which is
sanctioned by the LXC people.

Could you please advise on the best way to detect running in a
non-root container? It looks like grepping /proc/1/cgroup for :/$
could be a way to determine that (as opposed to :/foo$ in a "foo"
container). Can you please confirm?


I would not rely on that because lxc may evolve to not use the cgroup if 
not present.


If you use upstart, you can check the 'container=lxc' env variable in 
the udev init script in order to know if you are in a container. 
Otherwise for sysvrc init, I don't know how to handle that.


Thanks
  -- Daniel
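
The three detection signals raised in this thread (the `container=lxc` environment variable, the `/proc/1/cgroup` path suffix, and the absence of `/sys/kernel/uevent_helper`) combined in one shell script. This is an added example, not code from the thread or from LXC or udev; the function names, the path-prefix argument and the sample trees are constructed for illustration.

```shell
#!/bin/sh
# Added example: the container signals discussed in this thread.
# $1 of each file-based check is a hypothetical path prefix (empty on a
# live system) so the checks can be pointed at a constructed tree.

# Signal 1: 'container=lxc' in the environment, as suggested for upstart.
env_signal() { [ "${container:-}" = lxc ]; }

# Signal 2: a line in /proc/1/cgroup that does not end in ':/'.
# Returns 2 when the file is absent, since LXC may run without cgroups.
cgroup_signal() {
    [ -r "$1/proc/1/cgroup" ] || return 2
    grep -qv ':/$' "$1/proc/1/cgroup"
}

# Signal 3: /sys/kernel/uevent_helper is absent (the OpenVZ behaviour).
uevent_signal() { [ ! -e "$1/sys/kernel/uevent_helper" ]; }

# Print the names of the signals that fired, or 'none'.
container_signals() {
    out=
    env_signal && out="$out env"
    cgroup_signal "$1" && out="$out cgroup"
    uevent_signal "$1" && out="$out no-uevent-helper"
    out=${out# }
    echo "${out:-none}"
}

# Build a constructed sample tree (not captured from a real system).
make_tree() {   # make_tree DIR CGROUP_PATH HAS_UEVENT_HELPER(yes|no)
    mkdir -p "$1/proc/1" "$1/sys/kernel"
    printf '2:cpu:%s\n1:devices:%s\n' "$2" "$2" > "$1/proc/1/cgroup"
    [ "$3" = yes ] && : > "$1/sys/kernel/uevent_helper"
    return 0
}

demo() {
    t=$(mktemp -d) || return 1
    make_tree "$t/host" / yes       # host-like: cgroup path is '/'
    make_tree "$t/foo" /foo no      # container named 'foo'
    echo "host: $(container= container_signals "$t/host")"
    echo "foo:  $(container=lxc container_signals "$t/foo")"
    rm -rf "$t"
}
demo
```

A single fired signal is weak evidence on its own: the cgroup check reports nothing when the file is missing, which is the case raised in the reply above.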


