slice_path = path
pid = slice_path.split('/')[2]
cmdline = open('/proc/%s/cmdline'%pid).read().rstrip('\n\x00')
- if (cmdline == '/sbin/init'):
+ if (cmdline == '/sbin/init') or (cmdline.startswith("init [")):
slice_spec = slice_path
arch = getarch('/proc/%s/exe'%pid)
break
setns.chcontext('/proc/%s/ns/uts'%pid)
setns.chcontext('/proc/%s/ns/ipc'%pid)
+
+ if (not args.pidns):
+ setns.chcontext('/proc/%s/ns/pid'%pid)
if (not args.netns):
setns.chcontext('/proc/%s/ns/net'%pid)
if (not args.mntns):
setns.chcontext('/proc/%s/ns/mnt'%pid)
- if (not args.pidns):
- setns.chcontext('/proc/%s/ns/pid'%pid)
+
+ proc_mounted = False
if (not os.access('/proc/self',0)):
+ proc_mounted = True
setns.proc_mount()
+
+
# cgroups is not yet LXC-safe, so we need to use the course grained access control
# strategy of unmounting the filesystem
cap_arg = '--drop='+drop_capabilities
if (not args.root):
- exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--','--login']+args.command_to_run
-# Thierry's suggestion:exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--user=%s'%slice_name,'--','--login',]+args.command_to_run
+ exec_args = [arch,'/usr/sbin/capsh',cap_arg,'--user=%s'%slice_name,'--','--login',]+args.command_to_run
else:
exec_args = [arch,'/usr/sbin/capsh','--','--login']+args.command_to_run
if debug: print 'lxcsu-internal:execv:','/usr/bin/setarch',exec_args
os.execv('/usr/bin/setarch',exec_args)
else:
+ setns.proc_umount()
_,status = os.waitpid(pid,0)
exit(os.WEXITSTATUS(status))