
Command lxd

v0.0.0 (f04acd1)
Published: 2 hours ago | License: Apache-2.0 | Module:


forkdns provides a specialised DNS server designed for relaying A and PTR queries.


This file is a bit funny. The goal here is to use setns() to manipulate files inside the container, so we don't have to reason about the paths to make sure they don't escape (we can simply rely on the kernel for correctness). Unfortunately, you can't setns() to a mount namespace with a multi-threaded program, which every golang binary is. However, by declaring our init as an initializer, we can capture process control before it is transferred to the golang runtime, so we can then setns() as we'd like before golang has a chance to set up any threads. So, we implement two new lxd fork* commands which are captured here, and take a file on the host fs and copy it into the container ns.

An alternative to this would be to move this code into a separate binary, which of course has problems of its own when it comes to packaging (how do we find the binary, what do we do if someone does file push and it is missing, etc.). After some discussion, even though the embedded method is somewhat convoluted, it was preferred.
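
The initializer approach described above, sketched as an added example (this is not LXD's own code): a C constructor runs before `main()` while the process still has a single thread, which is the only point at which joining a mount namespace is allowed. The `forkdemo` subcommand and the names `thread_count`, `enter_mntns` and `early_init` are hypothetical.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef CLONE_NEWNS
#define CLONE_NEWNS 0x00020000 /* mount-namespace flag (kernel ABI value) */
#endif

int threads_at_ctor = -2; /* -2: initializer never ran; -1: /proc unreadable */
/* Thread count of this process from /proc/self/status, or -1 if unknown. */
int thread_count(void) {
    char line[128]; int n = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    while (fgets(line, sizeof line, f))
        if (sscanf(line, "Threads: %d", &n) == 1) break;
    fclose(f);
    return n;
}

/* Join the mount namespace of pid via the raw form of setns(fd, CLONE_NEWNS). */
int enter_mntns(long pid) {
    char path[64];
    snprintf(path, sizeof path, "/proc/%ld/ns/mnt", pid);
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return -1;
    int rc = (int)syscall(SYS_setns, fd, CLONE_NEWNS);
    close(fd);
    return rc;
}

/* Runs before main(); in a cgo binary, before the Go runtime starts threads. */
__attribute__((constructor)) static void early_init(void) {
    char buf[256] = {0}; /* NUL-separated argv; the last two bytes stay zero */
    threads_at_ctor = thread_count();
    int fd = open("/proc/self/cmdline", O_RDONLY);
    ssize_t len = fd < 0 ? -1 : read(fd, buf, sizeof buf - 2);
    if (fd >= 0) close(fd);
    if (len <= 0) return;
    char *sub = buf + strlen(buf) + 1; /* argv[1] */
    if (strcmp(sub, "forkdemo") != 0) return; /* hypothetical subcommand */
    char *pid = sub + strlen(sub) + 1; /* argv[2]: target process id */
    _exit(enter_mntns(strtol(pid, NULL, 10)) != 0); /* file work would go here */
}

int main(void) { printf("threads in initializer: %d\n", threads_at_ctor); return 0; }
```

Joining another process's mount namespace requires CAP_SYS_ADMIN and CAP_SYS_CHROOT, so an unprivileged run of the `forkdemo` path exits with status 1.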
Documentation was rendered with GOOS=linux and GOARCH=amd64.
