Re: [PATCH lxc 2/2] lxc-unshare: make CLONE_NEWPID imply CLONE_NEWNS

[Daniel Lezcano <dlezcano-NmTC/0ZBporQT0dZR+AlfA@public.gmane.org>]

On 05/13/2010 09:34 PM, Serge E. Hallyn wrote:
> I would like to also automatically have /proc remounted, but
> that would require digging deeper into lxc_clone.

You should not make that automatically, especially in lxc-clone because 
this function is just for cloning a process in a new namespace, nothing 
more. We may want to access /proc after cloning, for example to reach 
/proc/<pid>/ns/*. The automatic mount, should be done in your child 
reaper (like lxc-init), otherwise let the container init to run the 
services and mount /proc.

In the case of lxc_unshare, you can add a new option to remount /proc 
when there is the pidns or the mountns options.

Otherwise, adding the NEWNS with the NEWPID makes sense for me.

Don't forget lxc_unshare is a simple tool, it is not supposed to replace 
lxc-start/lxc-execute, at least it should do a bit more than the 
"unshare" command.

> Mind you perhaps having NEWPID imply NEWNS should be done there,
> at src/lxc/namespace.c:lxc_clone anyway.  I'm starting here...
> Won't be offended if it's rejected on those grounds :)
>
> Signed-off-by: Serge E. Hallyn<serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
> ---
>   src/lxc/lxc_unshare.c |    4 ++++
>   1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/src/lxc/lxc_unshare.c b/src/lxc/lxc_unshare.c
> index 8db1cb7..8531b59 100644
> --- a/src/lxc/lxc_unshare.c
> +++ b/src/lxc/lxc_unshare.c
> @@ -49,6 +49,7 @@ void usage(char *cmd)
>   			"\t           MOUNT, PID, UTSNAME, IPC, USER, NETWORK\n");
>   	fprintf(stderr, "\t -u<id>  : new id to be set if -s USER is specified\n");
>   	fprintf(stderr, "\t if -s PID is specified,<command>  is mandatory)\n");
> +	fprintf(stderr, "\t If -s PID is specified, then -s MOUNT is implied\n");
>   	_exit(1);
>   }
>
> @@ -213,6 +214,9 @@ int main(int argc, char *argv[])
>    	if (ret)
>   		usage(argv[0]);
>
> +	if (flags&  CLONE_NEWPID)
> +		flags |= CLONE_NEWNS;
> +
>   	if (!(flags&  CLONE_NEWUSER)&&  uid != -1) {
>   		ERROR("-u<uid>  needs -s USER option");
>   		return 1;