python: add attach support · d7a09c63
Christian Seiler authored
Add methods attach() and attach_wait() to the Python API that give access to the attach functionality of LXC. Both accept two main arguments:

1. run: A python function that is executed inside the container
2. payload: (optional) A parameter that will be passed to the python function

Additionally, the following keyword arguments are supported:

attach_flags: How attach should operate, i.e. whether to attach to cgroups, whether to drop capabilities, etc. The following constants are defined as part of the lxc module that may be OR'd together for this option:
    LXC_ATTACH_MOVE_TO_CGROUP
    LXC_ATTACH_DROP_CAPABILITIES
    LXC_ATTACH_SET_PERSONALITY
    LXC_ATTACH_APPARMOR
    LXC_ATTACH_REMOUNT_PROC_SYS
    LXC_ATTACH_DEFAULT
namespaces: Which namespaces to attach to, as defined as the flags that may be passed to the clone(2) system call. Note: maybe we should export these flags too.
personality: The personality of the process, it will be passed to the personality(2) syscall. Note: maybe we should provide access to the function that converts arch into personality.
initial_cwd: The initial working directory after attaching.
uid: The user id after attaching.
gid: The group id after attaching.
env_policy: The environment policy, may be one of:
    LXC_ATTACH_KEEP_ENV
    LXC_ATTACH_CLEAR_ENV
extra_env_vars: A list (or tuple) of environment variables (in the form KEY=VALUE) that should be set once attach has succeeded.
extra_keep_env: A list (or tuple) of names of environment variables that should be kept regardless of policy.
stdin: A file/socket/... object that should be used as stdin for the attached process. (If not a standard Python object, it has to implement the fileno() method and provide a fd as the result.)
stdout, stderr: See stdin.

attach() returns the PID of the attached process, or -1 on failure.

attach_wait() returns the return code of the attached process after that has finished executing, or -1 on failure. Note that if the exit status of the process is 255, -1 will also be returned, since attach failures result in an exit code of 255.

Two default run functions are also provided in the lxc module:

attach_run_command: Runs the specified command
attach_run_shell: Runs a shell in the container

Examples (assuming c is a Container object):

    c.attach_wait(lxc.attach_run_command, 'id')
    c.attach_wait(lxc.attach_run_shell)
    def foo():
        print("Hello World")
        # the following line is important, otherwise the exit code of
        # the attached program will be -1
        # sys.exit(0) will also work
        return 0
    c.attach_wait(foo)
    c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'])
    c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'],
                  attach_flags=(lxc.LXC_ATTACH_DEFAULT &
                  ~lxc.LXC_ATTACH_MOVE_TO_CGROUP))

Note that while it is possible to execute Python code inside the container by passing a function (see example), it is unwise to import modules, since there is no guarantee that the Python installation inside the container is in any way compatible with that outside of it. If you want to run Python code directly, please import all modules before attaching and only use them within the container.

Signed-off-by: Christian Seiler <christian@iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>