On 2/14/2011 6:50 PM, Trent W. Buck wrote:
> Daniel Lezcano<[email protected]> writes:
>
>> As a quick fix, I suggest you look what application created the new
>> namespace. Launch your container and then look at
>> /cgroup/blackbird/1234/tasks and look for the command line associated
>> with the pid in this file. I suspect vsftpd could be the culprit. If
>> this is the case, there is an option to disable the namespace
>> creation.
>
> Or, of course, pick a different application :-)
>
> If it is vsftpd, I *strongly* recommend switching to SFTP (part of SSH)
> for writes, and HTTP for reads. http://mywiki.wooledge.org/FtpMustDie

Well, of course, but what's that got to do with LXC or the namespace trick that vsftpd happens to use? Your observations, which everyone already knows, show that the ftp protocol is problematic. Granted, but so what? The discussion here is how to get all commonly used tools working within containers, using lxc, that are currently used outside of containers, not what tools to use.

3 things:

1) The vsftpd problem is not a problem with the ftp protocol. Apache or any other service or app that meets your religious or aesthetic approval might have the same or similar problem at any time. Here we are only interested in containerizing anything that currently is done on traditional servers. For better or for worse, FTP is widely used on traditional servers, and specifically vsftpd is. And so the discussion is about how to use vsftpd within a container, not whether to use ftp.

2) As if everyone has any choice in the matter anyway, since most use of any communication protocol, such as ftp, involves two different parties, not yourself at both ends. Even if you were so gauche as to try to dictate internal IT policies and procedures and technologies to your own customers and vendors, you still don't get to dictate to 2nd or more removed customers and vendors of your own customers and vendors. So when _big honking global bank/manufacturer/retailer/shipper/etc_ says they will ftp to you or you to them, you just *&^*7 do it. Oh, you can offer the alternatives, and occasionally you get lucky, but that doesn't remove the need to make ftp work. Same goes for every other commonly used technology that you don't happen to personally like.

3) What makes http so special only for reading and sftp so special only for writing? Depending on my security needs and other factors I routinely use http for writing and/or sftp for reading. I also use rsync (native, not via ssh or rsh) for both reading and writing in many situations where most people use ftp or sftp or http. Conversely I never use nfs and only use samba extremely rarely, but I'm sure these technologies are perfectly justifiable and required for other people in other situations.

Choice of tool is completely dependent on the job at hand and it's utterly silly to try to say what should and should not be used except within the context of a specific job, and then the answer only applies to that one specific job in that one specific context.

-- 
bkw

_______________________________________________
Lxc-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/lxc-users
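
The check suggested in the quoted text (read the container's cgroup `tasks` file and find the command line for each PID), as an added example that is not part of the original thread. The function name `cgroup_cmdlines` and its optional second argument (an alternate proc root) are assumptions made for illustration.

```shell
# Added example, not from the thread: print "PID<TAB>command line" for every
# task listed in a cgroup tasks file, e.g. /cgroup/blackbird/1234/tasks.
#   $1 = path to the tasks file
#   $2 = proc root (hypothetical parameter; defaults to /proc)
# Usage on the host: cgroup_cmdlines /cgroup/blackbird/1234/tasks
cgroup_cmdlines() {
    tasks_file=$1
    proc_root=${2:-/proc}

    [ -r "$tasks_file" ] || { echo "cannot read $tasks_file" >&2; return 1; }

    while read -r pid; do
        # Skip blank or non-numeric lines.
        case $pid in ''|*[!0-9]*) continue ;; esac

        cmdline_file=$proc_root/$pid/cmdline
        if [ -r "$cmdline_file" ]; then
            # /proc/PID/cmdline separates arguments with NUL bytes.
            cmd=$(tr '\000' ' ' < "$cmdline_file")
            cmd=${cmd% }
            # Kernel threads and zombies have an empty cmdline.
            [ -n "$cmd" ] || cmd="[empty cmdline]"
        else
            # The task exited between reading the tasks file and /proc.
            cmd="[exited]"
        fi
        printf '%s\t%s\n' "$pid" "$cmd"
    done < "$tasks_file"
}
```

Run it on the host while the container is up; a line naming vsftpd confirms which daemon is in that cgroup.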
