[Devel] Re: LXC PIDs, UIDs, and halt

Dwight Schauer dschauer at gmail.com
Tue Oct 20 18:05:36 PDT 2009


On Mon, Oct 19, 2009 at 5:24 PM, Serge E. Hallyn <serue at us.ibm.com> wrote:
> Quoting Dwight Schauer (dschauer at gmail.com):
>> On Mon, Oct 12, 2009 at 10:03 AM, Serge E. Hallyn <serue at us.ibm.com> wrote:
>> > Quoting Dwight Schauer (dschauer at gmail.com):
---< snip >---
>> Is there any way to readily know the id of the PID namespace one is in?
>> keychain has some issues that I could correct if I could get at the
>> PID namespace id.
>
> No, because pid namespaces don't actually have an id.
>
> What exactly are the keychain issues?  So far the keychain/namespacing
> handling is very basic (new user-namespace = new set of keyrings), bc
> there really weren't any user requirements to draw on yet.
>
>> I guess expecting apps like keychain to be namespace aware would be
>> like expecting them to be "multiverse" aware.
>>
>> I know I can pass it in through lxc-execute via an environment
>> variable, but I wondered if there was a more standard way.
>
> Well if there is a clean and safe way to do it (whatever 'it' is) through
> environment variable all the better, then we can avoid kernel changes.
> But if you need kernel help pls let us know.
>
> -serge
>

Ok, the issue is that what is stored in the file that keychain
produces is based on PID.
When logging into a different PID namespace that file is considered
stale, because there is not an agent at that pid, so the file is
overwritten by keychain.

I'd like to modify the filename to have the current namespace name (passed
in via environment variable) be part of it, so that the proper one is
checked by keychain and sourced by my shell.

It would require a keychain change either way, whether I'd use an
environment variable or something was done to the kernel to allow it
to be retrieved.

A lot of applications that base things off a PID stored in a file will
have issues when multiple PID namespaces are in play, and where those
files are in the same locations in each container.

I'm not asking for any kernel help; an environment variable will suffice.

I'll patch keychain, and once I've determined it works correctly, I'll
see if the maintainers (The Funtoo folk) will accept the patch.

-- Dwight
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
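
The namespace-keyed agent file described in the message above, written in shell as an added example (not part of the original post and not keychain's code). The `CONTAINER_NAME` variable, the `host-ns-sh` file naming and the function names are assumptions; the file content is constructed in the line format printed by `ssh-agent -s`.

```shell
#!/bin/sh
# Added example, not keychain's code. CONTAINER_NAME is a hypothetical
# variable set by whoever starts the container (e.g. via lxc-execute).

# Build a per-namespace file name. The name arrives through the
# environment, so accept only letters, digits, "_" and "-" (no "/" or "..").
agent_file_path() {
    dir=$1 host=$2 ns=$3
    case $ns in
        '')               printf '%s/%s-sh\n' "$dir" "$host" ;;
        *[!A-Za-z0-9_-]*) return 1 ;;
        *)                printf '%s/%s-%s-sh\n' "$dir" "$host" "$ns" ;;
    esac
}

# Read the recorded PID by parsing the file, never by sourcing it.
agent_file_pid() {
    sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p' "$1" 2>/dev/null | head -n 1
}

# A file is live only if the recorded PID exists in the caller's own PID
# namespace. kill -0 delivers no signal; it fails if the PID is absent
# (or belongs to another user).
agent_file_is_live() {
    pid=$(agent_file_pid "$1")
    [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null
}

# Constructed demo: write a file for this namespace and check it. A second
# namespace with a different CONTAINER_NAME would get a different file, so
# its stale check could not clobber this one.
demo() {
    d=$(mktemp -d) || return 1
    f=$(agent_file_path "$d" myhost "${CONTAINER_NAME:-}") || { rm -rf "$d"; return 1; }
    printf 'SSH_AGENT_PID=%s; export SSH_AGENT_PID;\n' "$$" > "$f"
    if agent_file_is_live "$f"; then
        echo "$f: recorded pid is live in this namespace"
    else
        echo "$f: stale in this namespace"
    fi
    rm -rf "$d"
}
demo || echo "CONTAINER_NAME contains characters outside [A-Za-z0-9_-]"
```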