se...@us.ibm.com wrote:
>Just to be clear, it's the namespaces, not the cgroups, which don't
>allow this. We've floated 'sys_hijack' a few times as a way to create
>a child which actually inherits its namespaces from a different specified
>task, which would give you what you need, but it's a tough sell since
>userspace can work around it.
I have a slightly different requirement: I need a way to move the
*current* process inside an existing namespace (and its associated
cgroups).
I use this on custom openvz-based systems to support very lightweight
containers which can use e.g. sshd and cron from the host system thanks
to a libpam_vz module which transparently enters the container when
needed.
This is very easy to implement with the openvz kernel (just add errors
checking):
vzfd = open(VZCTLDEV, O_RDWR);
setluid(veid);
env_create.veid = veid;
env_create.flags = VE_ENTER;
ioctl(vzfd, VZCTL_ENV_CREATE, &env_create);
close(vzfd);
but I really want to move away from openvz since clearly Parallels
only cares about supporting RHEL and has not released yet a 2.6.32
kernel.
libpam_vz is GPL'ed: http://ftp.linux.it/pub/People/md/libpam-vz/ .
Is there any way to do this with containers?
--
ciao,
Marco
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
