This change makes lxc-attach and the matching API functions work
properly with unprivileged containers.
The trick needed to make that possible was to always start with the
userns when attaching and also relocate the cgroup management code so
that the intermediate process is moved to the cgroup before attaching to
the container's namespace as doing so later would fail due to missing
permissions.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
projects / thirdparty / lxc.git / commit
