Hi Well if I need to run anything in the container context, short of entering it through e.g. ssh - hoping this is properly set up - well, I can’t.. I am using libvirt / lxc to set up a build box; essentially every night I would spawn a set of fresh VMs of some flavours (fedora18, ubuntu, what not) and use this to rebuild my system from scratch In this context it’s a real hassle to have to even set up ssh, there is no good reason for the build VM to run an ssh service at all, and I am concerned it might pull dependencies that I do not need/want I’d much rather have a direct means to just run some command inside the container. Admittedly I’m brain-damaged after having used vservers for too long, and their ‘vserver <container> exec command to run’ feature is in my genes now ;) Now maybe I am the one who is missing something and there already is something to do that ? Using the trick below I essentially have what I need mind you, I’m just concerned that it kind of works by accident :-) Thanks for the feedback in any case — Thierry On 20 Jan 2014, at 12:49, Daniel P. Berrange <berrange@xxxxxxxxxx> wrote: > On Mon, Jan 20, 2014 at 11:38:08AM +0100, Thierry Parmentelat wrote: >> Hello there >> >> I am trying to locate the namespaces in place for a given lxc container (specifically /proc/<pid>/ns/*) >> >> And to this end I was wondering what is the recommended way to probe for an lxc container's init pid >> (mostly I'm after the mnt and pid namespaces, and probably network ones, but the actual list probably should not matter) >> >> I've found about "virsh domid" but this gives me the pid for libvirt_lxc, which turns out to have unmodified namespaces (at least as far as the mnt ns) >> OTOH this process has exactly one child which is the container's init, which seems to have the right set of namespaces >> >> My angle right now is to look in /proc/<domid_pid>/task/children for a - hopefully single - pid and >> that seems to work for now, but I am concerned this code may be fragile so I would rather use a more >> robust approach; or maybe this is robust ? > > We don't really wish to expose the container PIDs to the host or namespace > details to client apps. Can you give more info about what you're trying to > achieve overall. I'd like to understand if there's some higher level API > we're missing that would more directly address your needs. > > > Daniel > -- > |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| > |: http://libvirt.org -o- http://virt-manager.org :| > |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| > |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list