All comments applied except for comments below. Also additional cleanup of error handling. > You'll need to call virGetUserDirectory() before any fork(), since it > calls code which is not async-signal safe. The reason I did this is I needed to call it after the shell setuid, if I call it earlier it sees the UID=0 and gives me /root. I added a new interface char *virGetUserDirectoryByUID(uid_t uid); Since the original interface does not take a UID. > Hmm, looking at this again, I'm wondering you need to fork() > at all. In virsh we do the double-fork dance, because virsh > is an interactive shell & we don't want to affect other parts > of virsh. > This login shell though is different - its only job is to run > inside the namespace. So can't the main process just enter > the namespace directly ? I think you still need to do the second fork to make sure the /bin/sh PID gets put in the container. Otherwise you will have a process running within the container without a local PID. [PATCH] virt-login-shell joins users into lxc container. -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list