Scroll to navigation

LXC-ATTACH(1) LXC-ATTACH(1)

NAME

lxc-attach - start a process inside a running container.

SYNOPSIS

lxc-attach -n name [-a arch] [-e] [-- command]
 

DESCRIPTION

lxc-attach runs the specified command inside the container specified by name. The container has to be running already.
If no command is specified, the current default shell of the user running lxc-attach will be looked up inside the container and executed. This will fail if no such user exists inside the container or the container does not have a working nsswitch mechanism.

OPTIONS

-a, --arch arch
Specify the architecture which the kernel should appear to be running as to the command executed. This option will accept the same settings as the lxc.arch option in container configuration files, see lxc.conf(5). By default, the current archictecture of the running container will be used.
-e, --elevated-privileges
Do not drop privileges when running command inside the container. If this option is specified, the new process will not be added to the container's cgroup(s) and it will not drop its capabilities before executing.
 
Warning: This may leak privileges into the container if the command starts subprocesses that remain active after the main process that was attached is terminated. The (re-)starting of daemons inside the container is problematic, especially if the daemon starts a lot of subprocesses such as cron or sshd. Use with great care.

COMMON OPTIONS

These options are common to most of lxc commands.
-?, -h, --help
Print a longer usage message than normal.
--usage
Give the usage message
-q, --quiet
mute on
-o, --logfile=FILE
Output to an alternate log FILE. The default is no log.
-l, --logpriority=LEVEL
Set log priority to LEVEL. The default log priority is ERROR. Possible values are : FATAL, CRIT, WARN, ERROR, NOTICE, INFO, DEBUG.
 
Note that this option is setting the priority of the events log in the alternate log file. It do not have effect on the ERROR events log on stderr.
-n, --name=NAME
Use container identifier NAME. The container identifier format is an alphanumeric string.

EXAMPLES

To spawn a new shell running inside an existing container, use
 
          lxc-attach -n container
To restart the cron service of a running Debian container, use
 
          lxc-attach -n container -- /etc/init.d/cron restart
To deactivate the network link eth1 of a running container that does not have the NET_ADMIN capability, use the -e option to use increased capabilities:
 
          lxc-attach -n container -e -- /sbin/ip link delete eth1

SECURITY

The -e should be used with care, as it may break the isolation of the containers if used improperly.

SEE ALSO

lxc(1), lxc-create(1), lxc-destroy(1), lxc-start(1), lxc-stop(1), lxc-execute(1), lxc-kill(1), lxc-console(1), lxc-monitor(1), lxc-wait(1), lxc-cgroup(1), lxc-ls(1), lxc-ps(1), lxc-info(1), lxc-freeze(1), lxc-unfreeze(1), lxc-attach(1), lxc.conf(5)

AUTHOR

Daniel Lezcano <daniel.lezcano@free.fr>
Mon Dec 16 11:31:06 UTC 2013