[Devel] Re: [lxc-devel] Shutting down a container?

Andrian Nord nightnord at gmail.com
Sat Nov 14 06:47:15 PST 2009


containers@ ml, imo, is more kernel-developing. Your questions are about
userspace and they probably should be asked in ml of userspace utilities
you are using (because implementing many of the workarounds of current
kernelspace incapabilities is userspace utilities work, and your problem
may be already solved, but in userspace).

On Sat, Nov 14, 2009 at 02:17:45PM +0300, Michael Tokarev wrote:
> Well, I don't quite see the complexity.  sysvinit here is nothing more
> than an equivalent of run-parts.  It's the /etc/init.d/rc (or whatever
> the path is on your distro) shell script who does all the fun stuff,
> init itself basically does nothing but catching SIGCHLD and (re)starting
> whatever is in inittab (which, in this case, should be very limited).
> 
> So I guess that a custom simple init-alike is all that's needed.  The
> main difference is that it should exit when there's no more processes
> running or after some signal (like /dev/initctl, since process with pid=1
> ignores signals).

Yeap, but sysvinit is universal approach, so if you use it, you may just
use common rc system for container's distro and never mind any problems
with initialising etc (writing a good init is not a trivial task, imo).

> For now I'm not worried about how to signal the "guest" to shut down.
> it can be easily done by, say, attaching something to /dev/tty1 and
> sending a command using lxc-console.  Do unix sockets work between a
> container and "host system" ?

Problem is that
a) lxc-console may not work, if you haven't enabled ttys
b) you may have hundreds of containers

Anyway, attaching to tty is also a bad hack, imo, but just least common =)

No, if you are isolating network, unix sockets will also break. There
is a thread about 'af_unix isolation' at lxc-devel ml, check it for
possible (but, sure, not trivial) workaround.

> 
> What does not work for now is the final step.  init process should exit
> but it does not do that and can't be killed from within the container.
> 
> []

As I said before - you should wait for pids of container and lxc-stop it
when all pids except sysvinit are gone. If you are using custom init,
you may change this behaviour (as you are not worried about kernel panic
or init die anymore) and silently quit when all processes are gone.

> By the way, I for one see no reason why pid=1 in a container is special
> when delivering signals or the like.

It's not special. This is normal behaviour of sysvinit, read its
manpages.

> That again can be done by placing something into container that will
> ping a given address when everything else is done.

Yes, yes, that is. Question is in some universal approach, that will
work without hacks or assumptions about container's structure =)
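
The approach described in the message above (wait until every PID of the container except init is gone, then lxc-stop it), as an added example that is not part of the original message or of the lxc tools. It assumes the caller supplies the path of the container's cgroup "tasks" file and the host-side PID of the container's init; STOP_CMD, POLL_SECS and MAX_POLLS are hypothetical names introduced here.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed inputs: a cgroup "tasks" file
# for the container (one host-side PID per line) and the host-side PID of
# the container's init. Both must be supplied by the caller.

STOP_CMD=${STOP_CMD:-lxc-stop}   # hypothetical override hook (e.g. for tests)
POLL_SECS=${POLL_SECS:-1}        # delay between polls
MAX_POLLS=${MAX_POLLS:-300}      # give up after this many polls

# Print how many PIDs other than init are still in the container.
# Returns 2 if the tasks file is unreadable (cgroup gone: container is dead).
other_tasks() {
    tasks_file=$1 init_pid=$2 n=0
    [ -r "$tasks_file" ] || return 2
    while read -r pid; do
        case $pid in ''|*[!0-9]*) continue ;; esac   # ignore junk lines
        [ "$pid" = "$init_pid" ] || n=$((n + 1))
    done < "$tasks_file"
    echo "$n"
}

# Poll until only init is left, then stop the container by name.
# Returns the stop command's status, 1 on timeout, 2 if the container vanished.
stop_when_idle() {
    name=$1 tasks_file=$2 init_pid=$3 polls=0
    while [ "$polls" -lt "$MAX_POLLS" ]; do
        left=$(other_tasks "$tasks_file" "$init_pid") || return 2
        if [ "$left" -eq 0 ]; then
            "$STOP_CMD" -n "$name"
            return $?
        fi
        polls=$((polls + 1))
        sleep "$POLL_SECS"
    done
    return 1
}

# Stand-alone use: script NAME TASKS_FILE INIT_PID
if [ "$#" -eq 3 ]; then
    stop_when_idle "$@"
fi
```

The timeout and "container vanished" return codes let a host-side supervisor handling many containers tell a hung guest apart from one that has already died.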