.\" This manpage has been automatically generated by docbook2man
.\" from a DocBook document. This tool can be found at:
.\" <http://shell.ipoline.com/~elmert/comp/docbook2X/>
.\" Please send any bug reports, improvements, comments, patches,
.\" etc. to Steve Cheng <steve@ggi-project.org>.
.TH "LXC-ATTACH" "1" "02 March 2012" "" ""
.SH NAME
lxc-attach \- start a process inside a running container.
.SH SYNOPSIS
\fBlxc-attach \fI-n
name\fB [-a
arch] [-e]
[-- command]\fR
.SH "DESCRIPTION"
.PP
\fBlxc-attach\fR runs the specified
\fIcommand\fR inside the container
specified by \fIname\fR\&. The container
has to be running already.
.PP
If no \fIcommand\fR is specified, the
current default shell of the user running
\fBlxc-attach\fR will be looked up inside the
container and executed. This will fail if no such user exists
inside the container or the container does not have a working
nsswitch mechanism.
.SH "OPTIONS"
.TP
\fB -a, --arch \fIarch\fB \fR
Specify the architecture which the kernel should appear to be
running as to the command executed. This option will accept the
same settings as the \fBlxc.arch\fR option in
container configuration files, see
\fB\fIlxc.conf\fB\fR(5)\&. By default, the current architecture of the
running container will be used.
.TP
\fB -e, --elevated-privileges \fR
Do not drop privileges when running
\fIcommand\fR inside the container. If
this option is specified, the new process will
\fBnot\fR be added to the container's cgroup(s)
and it will not drop its capabilities before executing.
\fBWarning:\fR This may leak privileges into the
container if the command starts subprocesses that remain active
after the main process that was attached is terminated. The
(re-)starting of daemons inside the container is problematic,
especially if the daemon starts a lot of subprocesses such as
\fBcron\fR or \fBsshd\fR\&.
\fBUse with great care.\fR
.SH "COMMON OPTIONS"
.PP
These options are common to most lxc commands.
.TP
\fB-?, -h, --help\fR
Print a longer usage message than normal.
.TP
\fB--usage\fR
Print the usage message.
.TP
\fB-q, --quiet\fR
Mute output (quiet mode).
.TP
\fB-o, --logfile=\fIFILE\fB\fR
Output to an alternate log
\fIFILE\fR\&. The default is no log.
.TP
\fB-l, --logpriority=\fILEVEL\fB\fR
Set log priority to
\fILEVEL\fR\&. The default log
priority is ERROR\&. Possible values are:
FATAL, CRIT,
WARN, ERROR,
NOTICE, INFO,
DEBUG\&.
Note that this option sets the priority of the events
logged to the alternate log file. It has no effect on the
ERROR events logged to stderr.
.TP
\fB-n, --name=\fINAME\fB\fR
Use container identifier \fINAME\fR\&.
The container identifier format is an alphanumeric string.
.SH "EXAMPLES"
.PP
To spawn a new shell running inside an existing container, use
.nf
lxc-attach -n container
.fi
.PP
To restart the cron service of a running Debian container, use
.nf
lxc-attach -n container -- /etc/init.d/cron restart
.fi
.PP
To deactivate the network link eth1 of a running container that
does not have the NET_ADMIN capability, use the \fB-e\fR
option to use increased capabilities:
.nf
lxc-attach -n container -e -- /sbin/ip link delete eth1
.fi
.SH "SECURITY"
.PP
The \fB-e\fR option should be used with care, as it may break
the isolation of the containers if used improperly.
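.PP
A host-side check for the leak described under \fB-e\fR, as an added
example that is not part of lxc or of the original manual page: it lists
processes that share the container's PID namespace but are in none of the
container's cgroups. The cgroup path /lxc/web, the PIDs and the fake proc
tree are constructed, and it assumes the kernel exposes /proc/PID/ns/pid.
.nf
```shell
#!/bin/sh
# Added example, not part of lxc. Run on the host after using lxc-attach -e.

in_cgroup() {
    # $1 = a /proc/PID/cgroup file, $2 = container cgroup path (assumed layout)
    while IFS=: read -r _id _ctrl path; do
        case $path in
            "$2"|"$2"/*) return 0 ;;   # same cgroup or a child of it
        esac
    done < "$1"
    return 1
}

find_cgroup_escapees() {
    # $1 = host PID of the container's init, $2 = container cgroup path,
    # $3 = proc root (defaults to /proc; a constructed tree is used below)
    proc_root=${3:-/proc}
    want_ns=$(readlink "$proc_root/$1/ns/pid") || return 2
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/cgroup" ] || continue
        ns=$(readlink "$dir/ns/pid" 2>/dev/null) || continue
        [ "$ns" = "$want_ns" ] || continue      # not in this container
        in_cgroup "$dir/cgroup" "$2" || echo "${dir##*/}"
    done | sort -n
}

build_sample_proc() {
    # Constructed sample data: a fake proc tree with four processes.
    root=$(mktemp -d) || return 1
    mk() {  # mk PID PIDNS-INODE CGROUP-PATH
        mkdir -p "$root/$1/ns"
        ln -s "pid:[$2]" "$root/$1/ns/pid"
        echo "1:cpu,memory:$3" > "$root/$1/cgroup"
    }
    mk 1   4026531836 /           # host init
    mk 100 4026532201 /lxc/web    # container init
    mk 101 4026532201 /lxc/web    # ordinary container process
    mk 250 4026532201 /           # daemon left behind by an attach with -e
    echo "$root"
}

sample=$(build_sample_proc)
find_cgroup_escapees 100 /lxc/web "$sample"   # prints 250
rm -rf "$sample"
```
.fi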
.SH "SEE ALSO"
.PP
\fBlxc\fR(1),
\fBlxc-create\fR(1),
\fBlxc-destroy\fR(1),
\fBlxc-start\fR(1),
\fBlxc-stop\fR(1),
\fBlxc-execute\fR(1),
\fBlxc-kill\fR(1),
\fBlxc-console\fR(1),
\fBlxc-monitor\fR(1),
\fBlxc-wait\fR(1),
\fBlxc-cgroup\fR(1),
\fBlxc-ls\fR(1),
\fBlxc-ps\fR(1),
\fBlxc-info\fR(1),
\fBlxc-freeze\fR(1),
\fBlxc-unfreeze\fR(1),
\fBlxc-attach\fR(1),
\fBlxc.conf\fR(5)
.SH "AUTHOR"
.PP
Daniel Lezcano <daniel.lezcano@free.fr>