On Fri, Apr 17, 2009 at 09:39:19AM -0500, Serge E. Hallyn wrote:
Quoting Daniel P. Berrange (berra...@redhat.com):
Calling unshare(CLONE_NEWNS) will not prevent the host OS from
seeing the new /dev/pts if / was MS_SHARED. That isn't taken
care of anywhere else for this process's

Quoting Daniel P. Berrange (berra...@redhat.com):
This patch attached now just makes it MS_SLAVE. There's no need for the
extra SHARED flag, since the only process libvirt_lxc spawns is the 'init'
process inside the container and that immediately makes its own root
private.
Thanks, this

On Wed, Apr 15, 2009 at 01:55:18PM -0500, Serge E. Hallyn wrote:
...
Index: src/lxc_container.c
===
...
This all looks good, though I haven't tested it yet.
+/*
+ * If doing a chroot style setup, we need to

One of the current flaws in the LXC driver is that when doing the better-
chroot-than-chroot mode setup, /dev/pts leaks the parent OS TTYs into
the container.
As of 2.6.29 it is possible to create new instances of /dev/pts by passing
the 'newinstance' flag to mount. In this way /dev/pts inside

Quoting Daniel P. Berrange (berra...@redhat.com):
This change seemed to fix that problem with no ill-effects.
-if (chroot(oldroot) 0) {
-virReportSystemError(NULL, errno, %s,
- _(failed to chroot into tmpfs));
-goto err;
-}
-
-if
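Review bot: the removed chroot(oldroot) block at the top of this hunk takes its "failed to chroot into tmpfs" error path with it, and the only rationale given is that the change "seemed to fix that problem with no ill-effects". The commit message should say why the chroot step is no longer needed in the container root setup, and whatever replaces it should keep an equivalent virReportSystemError / goto err check so that a failed root switch aborts container startup instead of continuing.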