On Mon, Oct 19, 2009 at 5:24 PM, Serge E. Hallyn <serue@xxxxxxxxxx> wrote: > Quoting Dwight Schauer (dschauer@xxxxxxxxx): >> On Mon, Oct 12, 2009 at 10:03 AM, Serge E. Hallyn <serue@xxxxxxxxxx> wrote: >> > Quoting Dwight Schauer (dschauer@xxxxxxxxx): ---< snip >--- >> Is there anyway to readily know the id of the PID namespace one is in? >> keychain has some issues that I could correct if I could get at the >> PID namespace id. > > No, because pid namespaces don't actually have an id. > > What exactly are the keychain issues? So far the keychain/namespacing > handling is very basic (new user-namespace = new set of keyrings), bc > there really weren't any user requirements to draw on yet. > >> I guess expecting apps like keychain to be namespace aware would be >> like expecting them to be "multiverse" aware. >> >> I know I can pass it in through lxc-execute via an environment >> variable, but I wondered if there was a more standard way. > > Well if there is a clean and safe way to do it (whatever 'it' is) through > environment variable all the better, then we can avoid kernel changes. > But if you need kernel help pls let us know. > > -serge > Ok, the issue is that what is stored in the file that keychain produces is based on PID When logging into a different PID namespace that file is considered stale, because there is not an agent at that pid, so the file is overwritten by keychain. I'd to modify the filename to have the current namespace name (passed in via environment variable) be part of it, so that the proper one is checked by keychain and sourced by my shell It would require a keychain change either way, whether I'd use an environment variable or something was done to the kernel to allow it to be retrieved. A lot of applications that base things off a PID stored in a file will have issues when multiple PID namespaces are in play, and where those files are in the same locations in each container. I'm not asking for any kernel help, an environment variable will suffice. I'll patch keychain, and once I've determined it works correctly, I'll see if the maintainers (The Funtoo folk) will accept the patch. -- Dwight _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers
