LXC System calls management

Hi!
I’m new to LXC and I would like to correctly understand how system calls from/to containers are managed by LXC. I’ve been trying to follow the execution by setting some flags in the code, but it was impossible to see the exact point where signals from/to containers are being managed.

References and documents to read are more than welcome!

Regards,
Ginés.

LXC/LXD, unless system call interception is used (which is almost guaranteed NOT to be the case), set up all the needed namespaces and isolation features with the kernel, then start the container’s init process.

From that point on, all the namespacing is done by the kernel, there is no active handling of system calls or other similar operations inside the container in the common case.
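Added example, not part of the original reply and not LXC's own code: the kernel-side state described above can be inspected from the host by comparing the namespace links under /proc/<pid>/ns and reading the Seccomp field of /proc/<pid>/status. The function names and the sample data are assumptions constructed for illustration; inode numbers and the PID are made up.

```python
import os
import re
import sys

# Values of the "Seccomp:" field in /proc/<pid>/status.
SECCOMP_MODES = {0: "disabled", 1: "strict", 2: "filter"}

def read_ns(pid):
    """Map namespace name -> 'type:[inode]' from /proc/<pid>/ns (Linux, needs access)."""
    base = f"/proc/{pid}/ns"
    return {n: os.readlink(os.path.join(base, n)) for n in os.listdir(base)}

def private_namespaces(host_ns, proc_ns):
    """Namespaces in which the process uses a different kernel object than the host."""
    return sorted(n for n, link in proc_ns.items()
                  if n in host_ns and host_ns[n] != link)

def seccomp_mode(status_text):
    """Decode the Seccomp field; mode 2 means a BPF filter is attached to the process."""
    m = re.search(r"^Seccomp:[ \t]*(\d+)[ \t]*$", status_text, re.MULTILINE)
    return SECCOMP_MODES.get(int(m.group(1)), "unknown") if m else "unavailable"

def describe(host_ns, proc_ns, status_text):
    return {"private_namespaces": private_namespaces(host_ns, proc_ns),
            "seccomp": seccomp_mode(status_text)}

# Constructed sample: host PID 1 versus a container init (inode numbers are made up).
SAMPLE_HOST_NS = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
                  "mnt": "mnt:[4026531841]", "net": "net:[4026531840]",
                  "pid": "pid:[4026531836]", "time": "time:[4026531834]",
                  "user": "user:[4026531837]", "uts": "uts:[4026531838]"}
SAMPLE_CT_NS = {"cgroup": "cgroup:[4026532601]", "ipc": "ipc:[4026532599]",
                "mnt": "mnt:[4026532597]", "net": "net:[4026532603]",
                "pid": "pid:[4026532600]", "time": "time:[4026531834]",
                "user": "user:[4026532596]", "uts": "uts:[4026532598]"}
SAMPLE_CT_STATUS = "Name:\tsystemd\nNSpid:\t21873\t1\nSeccomp:\t2\nSeccomp_filters:\t1\n"

if __name__ == "__main__":
    if len(sys.argv) > 1:  # live mode: pass the host-side PID of the container's init
        pid = sys.argv[1]
        with open(f"/proc/{pid}/status") as fh:
            print(describe(read_ns("self"), read_ns(pid), fh.read()))
    else:
        print(describe(SAMPLE_HOST_NS, SAMPLE_CT_NS, SAMPLE_CT_STATUS))
```

Run without arguments it reports on the constructed sample; run on a host with the PID of a container's init process it reads the live /proc entries, which normally requires root.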

Hi,
thanks a lot for the information!!

Regards,
Ginés.