int main(int argc, char *argv[])
{
int ret;
pid_t pid;
lxc_attach_options_t attach_options = LXC_ATTACH_OPTIONS_DEFAULT;
lxc_attach_command_t command;
ret = lxc_caps_init();
if (ret)
return ret;
ret = lxc_arguments_parse(&my_args, argc, argv);
if (ret)
return ret;
if (!my_args.log_file)
my_args.log_file = "none";
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret)
return ret;
lxc_log_options_no_override();
if (remount_sys_proc)
attach_options.attach_flags |= LXC_ATTACH_REMOUNT_PROC_SYS;
if (elevated_privileges)
attach_options.attach_flags &= ~(elevated_privileges);
attach_options.namespaces = namespace_flags;
attach_options.personality = new_personality;
attach_options.env_policy = env_policy;
attach_options.extra_env_vars = extra_env;
attach_options.extra_keep_env = extra_keep;
if (my_args.argc) {
command.program = my_args.argv[0];
command.argv = (char**)my_args.argv;
ret = lxc_attach(my_args.name, my_args.lxcpath[0], lxc_attach_run_command, &command, &attach_options, &pid);
} else {
ret = lxc_attach(my_args.name, my_args.lxcpath[0], lxc_attach_run_shell, NULL, &attach_options, &pid);
}
if (ret < 0)
return -1;
ret = lxc_wait_for_pid_status(pid);
if (ret < 0)
return -1;
if (WIFEXITED(ret))
return WEXITSTATUS(ret);
return -1;
}
int go_lxc_attach(struct lxc_container *c, bool clear_env) {
int ret;
pid_t pid;
lxc_attach_options_t attach_options = LXC_ATTACH_OPTIONS_DEFAULT;
attach_options.env_policy = LXC_ATTACH_KEEP_ENV;
if (clear_env) {
attach_options.env_policy = LXC_ATTACH_CLEAR_ENV;
}
/*
remount_sys_proc
When using -s and the mount namespace is not included, this flag will cause lxc-attach to remount /proc and /sys to reflect the current other namespace contexts.
default_options.attach_flags |= LXC_ATTACH_REMOUNT_PROC_SYS;
elevated_privileges
Do not drop privileges when running command inside the container. If this option is specified, the new process will not be added to the container's cgroup(s) and it will not drop its capabilities before executing.
default_options.attach_flags &= ~(LXC_ATTACH_MOVE_TO_CGROUP | LXC_ATTACH_DROP_CAPABILITIES | LXC_ATTACH_APPARMOR);
Specify the namespaces to attach to, as a pipe-separated list, e.g. NETWORK|IPC. Allowed values are MOUNT, PID, UTSNAME, IPC, USER and NETWORK.
default_options.namespaces = namespace_flags; // lxc_fill_namespace_flags(arg, &namespace_flags);
Specify the architecture which the kernel should appear to be running as to the command executed.
default_options.personality = new_personality; // lxc_config_parse_arch(arg);
Keep the current environment for attached programs.
Clear the environment before attaching, so no undesired environment variables leak into the container.
default_options.env_policy = env_policy; // LXC_ATTACH_KEEP_ENV or LXC_ATTACH_CLEAR_ENV
default_options.extra_env_vars = extra_env;
default_options.extra_keep_env = extra_keep;
*/
ret = c->attach(c, lxc_attach_run_shell, NULL, &attach_options, &pid);
if (ret < 0)
return -1;
ret = lxc_wait_for_pid_status(pid);
if (ret < 0)
return -1;
if (WIFEXITED(ret))
return WEXITSTATUS(ret);
return -1;
}
static PyObject *
Container_attach_and_possibly_wait(Container *self, PyObject *args,
PyObject *kwds, int wait)
{
struct lxc_attach_python_payload payload = { NULL, NULL };
lxc_attach_options_t *options = NULL;
long ret;
pid_t pid;
if (!PyArg_ParseTuple(args, "O|O", &payload.fn, &payload.arg))
return NULL;
if (!PyCallable_Check(payload.fn)) {
PyErr_Format(PyExc_TypeError, "attach: object not callable");
return NULL;
}
options = lxc_attach_parse_options(kwds);
if (!options)
return NULL;
ret = self->container->attach(self->container, lxc_attach_python_exec,
&payload, options, &pid);
if (ret < 0)
goto out;
if (wait) {
ret = lxc_wait_for_pid_status(pid);
/* handle case where attach fails */
if (WIFEXITED(ret) && WEXITSTATUS(ret) == 255)
ret = -1;
} else {
ret = (long)pid;
}
out:
lxc_attach_free_options(options);
return PyLong_FromLong(ret);
}
