New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

attach: simplify significantly #2047

merged 3 commits into from Dec 21, 2017


2 participants

brauner commented Dec 18, 2017

Signed-off-by: Christian Brauner

@brauner brauner requested a review from hallyn Dec 18, 2017

@brauner brauner added Blocked and removed Blocked labels Dec 19, 2017

@brauner brauner changed the title from attach: make attach work with hidepid={1,2} to attach: simplify significantly Dec 20, 2017

brauner added some commits Dec 18, 2017

attach: simplify significantly
Signed-off-by: Christian Brauner <>
attach: use lxc_raw_clone()
This let's us simplify the whole file a lot and makes things way clearer. It
also let's us avoid the infamous pid cache.

Signed-off-by: Christian Brauner <>
attach: handle /proc with hidepid={1,2} property
Receive fd for LSM security module before we set{g,u}id(). The reason is that
on set{g,u}id() the kernel will a) make us undumpable and b) we will change our
effective uid. This means our effective uid will be different from the
effective uid of the process that created us which means that this processs no
longer has capabilities in our namespace including CAP_SYS_PTRACE. This means
we will not be able to read and /proc/<pid> files for the process anymore when
/proc is mounted with hidepid={1,2}. So let's get the lsm label fd before the

Signed-off-by: Christian Brauner <>

@hallyn hallyn merged commit b5b200c into lxc:master Dec 21, 2017

4 checks passed

Branch target Branch target is correct
Signed-off-by All commits signed-off
Testsuite Testsuite passed
continuous-integration/travis-ci/pr The Travis CI build passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment